A way to exclude sensitive files issue still open for OpenAI Codex

- Notifications You must be signed in to change notification settings - Fork 14k A way to exclude sensitive files #2847 Copy link Copy link Open Labels enhancementNew feature or requestNew feature or requestsandboxIssues related to permissions or sandboxingIssues related to permissions or sandboxing Description What feature would you like to see? - A mechanism to explicitly mark files/paths that the agent must not read or send to the model, at both repository and global levels (e.g., a repo-local .codexignore plus a global ignore file). - Example: keep node_modules/ searchable for implementation checks, but never read or send .env, .env.*, .pem, id_, .aws/, .ssh/. - The configuration should be deterministic and shareable across the team/repo, and also support user defaults, rather than relying on project documentation or conventions. Are you interested in implementing this feature? - Yes — I can contribute and tests. Additional information Related: #205. That issue surfaced two primary use cases: preventing sensitive data from being sent to the model and excluding large/irrelevant files. The issue was closed in favor of a Rust (codex-rs) implementation, but as of 2025-08-28 a comparable feature does not appear to exist in codex-rs. I’d like to restart the discussion and converge on a design. Reactions are currently unavailable Metadata Metadata Assignees Labels enhancementNew feature or requestNew feature or requestsandboxIssues related to permissions or sandboxingIssues related to permissions or sandboxing Type Fields Give feedbackNo fields configured for issues without a type.