@pmav99
Last active March 31, 2026 08:39
Setup: codex wrapper for Azure OpenAI

This wrapper checks for an Azure OpenAI API key before launching codex. If the key is missing or insecure, it falls back to the openai profile.

1. Configure codex

Create ~/.codex/config.toml with the following content:

# ~/.codex/config.toml
profile = "azure"
personality = "pragmatic"

[profiles.openai]
model_provider = "openai"
model = "gpt-5.4"
model_reasoning_effort = "high"

[profiles.azure]
model_provider = "azure"
model = "gpt-5.4"
model_reasoning_effort = "xhigh"

[profiles.pro]
model_provider = "azure"
model = "gpt-5.4-pro"
model_reasoning_effort = "xhigh"

[model_providers.azure]
name = "Azure OpenAI"
base_url = "https://run4moreDevelopAgents.openai.azure.com/openai"
wire_api = "responses"
env_key = "AZURE_OPENAI_API_KEY"
query_params = { api-version = "2025-03-01-preview" }

2. Set up the Azure key

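mkdir -p ~/.codex
# Create the key file under umask 077 so it is owner-only from the moment it
# exists, instead of being readable by others until the chmod runs.
( umask 077 && printf '%s' 'YOUR_KEY_HERE' > ~/.codex/AZURE_OPENAI_API_KEY )
chmod 600 ~/.codex/AZURE_OPENAI_API_KEY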

3. Create the wrapper script

Place the following script somewhere on your $PATH, before the real codex binary, and name it codex:

cat > /path/to/your/bin/codex << 'SCRIPT'
#!/usr/bin/env bash
set -euo pipefail

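# Find the upstream codex, skipping ourselves.
SELF="$(cd "$(dirname "$0")" && pwd)/$(basename "$0")"
# The "|| true" matters: with set -e and pipefail, a grep that matches nothing
# would abort the script here, before the error message below is printed.
UPSTREAM=$(type -Pa codex | grep -vxF "${SELF}" | head -1 || true)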
if [[ -z "${UPSTREAM}" ]]; then
    echo "ERROR: upstream codex executable not found in PATH" >&2
    exit 1
fi

KEY_FILE="${HOME}/.codex/AZURE_OPENAI_API_KEY"

if [[ ! -f "${KEY_FILE}" ]]; then
    echo "WARNING: ${KEY_FILE} not found. Running with the 'openai' profile." >&2
    exec "${UPSTREAM}" --profile openai "${@}"
fi

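# GNU stat takes -c '%a'; BSD/macOS stat takes -f '%Lp'. Try both.
perms=$(stat -c '%a' "${KEY_FILE}" 2>/dev/null || stat -f '%Lp' "${KEY_FILE}")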
if [[ "${perms}" != "600" ]]; then
    echo "WARNING: ${KEY_FILE} has permissions ${perms} (expected 600). Running with the 'openai' profile." >&2
    exec "${UPSTREAM}" --profile openai "${@}"
fi

AZURE_OPENAI_API_KEY=$(<"${KEY_FILE}")
export AZURE_OPENAI_API_KEY

exec "${UPSTREAM}" "${@}"
SCRIPT

chmod +x /path/to/your/bin/codex

4. Verify

# Should show your wrapper first, then the real codex
type -Pa codex

How it works

  • No key file — falls back to codex --profile openai
  • Key file with wrong permissions — warns and falls back to codex --profile openai
  • Key file with 600 permissions — exports AZURE_OPENAI_API_KEY and runs codex with the default azure profile

You can also use --profile pro for the more capable gpt-5.4-pro model. All arguments are passed through to the upstream codex.
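
The wrapper's permission test accepts only the exact mode string 600 and does not look at ownership, symlinks or the containing directory. A stricter check is sketched below as an added example, not part of the gist; the function names mode_and_owner and key_file_is_safe are hypothetical, and unlike the wrapper it accepts any mode without group/other bits (400 as well as 600).

```bash
# Added example, not part of the gist. Uses only POSIX sh constructs, so it can
# be pasted into the bash wrapper or sourced from sh.

# Print "<octal mode> <owner uid>"; GNU stat first, BSD/macOS stat as fallback.
mode_and_owner() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1" 2>/dev/null
}

# Return 0 only if the key file is safe to load; else print why and return 1.
key_file_is_safe() {
    kf_file=$1
    if [ -L "$kf_file" ]; then
        echo "refusing $kf_file: symlink" >&2; return 1
    fi
    if [ ! -f "$kf_file" ]; then
        echo "refusing $kf_file: not a regular file" >&2; return 1
    fi
    kf_meta=$(mode_and_owner "$kf_file") || return 1
    kf_mode=${kf_meta% *}; kf_owner=${kf_meta#* }
    if [ "$kf_owner" != "$(id -u)" ]; then
        echo "refusing $kf_file: owned by uid $kf_owner" >&2; return 1
    fi
    # Any group/other bit means another account can read or change the key.
    if [ $(( 0$kf_mode & 077 )) -ne 0 ]; then
        echo "refusing $kf_file: mode $kf_mode grants group/other access" >&2; return 1
    fi
    # A group/other-writable directory lets another account swap the file.
    kf_meta=$(mode_and_owner "$(dirname "$kf_file")") || return 1
    kf_mode=${kf_meta% *}
    if [ $(( 0$kf_mode & 022 )) -ne 0 ]; then
        echo "refusing $kf_file: directory mode $kf_mode is group/other-writable" >&2; return 1
    fi
    return 0
}
```

In the wrapper, a call to key_file_is_safe "${KEY_FILE}" would take the place of the -f and stat checks, with the same fallback to the openai profile when it returns non-zero.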
