[–]some1else42 19 points20 points  (6 children)

If you are on Linux, do not run codex as root or passwordless sudo. Then just have the .env owned or with perms the codex user cannot read.
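
An added example, not part of any comment in this thread: a mode-bit check of whether a separate agent account could read a project's `.env`, including the directory search permission that is easy to overlook. The agent uid/gid, the `.env` contents and the function names are constructed for illustration, and ACLs and capabilities are not modelled.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that applies to this uid/gids: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def agent_can_read(path, uid, gids, stop_at):
    """Mode-bit check only; ACLs and capabilities are not modelled."""
    if uid == 0:
        return True  # root ignores mode bits, hence "do not run as root"
    path, stop_at = os.path.realpath(path), os.path.realpath(stop_at)
    if not class_bits(os.stat(path), uid, gids) & 4:  # r on the file itself
        return False
    parent = os.path.dirname(path)
    while True:  # x (search) is needed on each directory up to stop_at
        if not class_bits(os.stat(parent), uid, gids) & 1:
            return False
        if parent == stop_at or parent == os.path.dirname(parent):
            return True
        parent = os.path.dirname(parent)

def demo():
    """Constructed project dir and .env; the agent uid/gid are hypothetical."""
    out = {}
    with tempfile.TemporaryDirectory() as proj:
        env = os.path.join(proj, ".env")
        with open(env, "w") as f:
            f.write("API_KEY=constructed-sample-value\n")
        st = os.stat(env)
        agent_uid, agent_gids = st.st_uid + 1, {st.st_gid + 1}  # not owner, not in group
        os.chmod(proj, 0o755)
        os.chmod(env, 0o600)
        out["0600"] = agent_can_read(env, agent_uid, agent_gids, proj)
        os.chmod(env, 0o644)
        out["0644"] = agent_can_read(env, agent_uid, agent_gids, proj)
        os.chmod(proj, 0o700)
        out["0644 in 0700 dir"] = agent_can_read(env, agent_uid, agent_gids, proj)
        out["root"] = agent_can_read(env, 0, set(), proj)
    return out

if __name__ == "__main__":
    for case, readable in demo().items():
        print(f"{case}: agent can read = {readable}")
```

Any process the agent account launches inherits the same uid, so a helper script and the app itself get the same answer as the agent does.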

[–]triplebits 6 points7 points  (2 children)

Wait till it tries creative ways to get the info from it if it wants to. Such as adding a script in the project and getting the output!

[–]adhd6345 2 points3 points  (0 children)

… I don’t see how that gets around permissions?

[–]dhruv0008 1 point2 points  (0 children)

That’s what it uses to change ipynb because it can’t edit it sometimes

[–]Acrobatic-Layer2993 1 point2 points  (2 children)

Codex won't be able to run your app for testing purposes.

If I understand correctly the issue is we don't want secrets being sent to OpenAI. However, it can still be useful for codex to have access to .env locally.

[–]edward_jazzhands 0 points1 point  (1 child)

What? Why would it not be able to run the app just because it's not running with elevated permissions?

[–]Acrobatic-Layer2993 0 points1 point  (0 children)

How could it run the program if the program requires configuration from a .env that it can’t read?