A Way to Exclude Sensitive Files Issue Still Open for OpenAI Codex

What happened

A GitHub issue in openai/codex about missing support for excluding sensitive file patterns has resurfaced on HN (172 points) after multiple leak incidents.

Context and impact

Codex CLI today uploads the entire working tree to a remote runtime, meaning .env, credentials.json, and other secrets can end up in session logs. The community has proposed .codexignore or honoring .gitignore. OpenAI has not formally responded on the issue. For teams deploying Codex in production this is a significant security risk and an adoption blocker.

Details

• 172 points on HN
• No official OpenAI comment on the issue
• Workaround: manually delete sensitive files before session
• Community PR proposals not yet merged