OpenAI Codex Issue #2847: Excluding Sensitive Files Still Unresolved – Workarounds and Risks
OpenAI Codex issue #2847 about excluding sensitive files from context is still unresolved. This post covers the problem, current workarounds, and why it's a critical missing feature for production use.
OpenAI Codex issue #2847, requesting a way to exclude sensitive files like .env or credentials from context, has been open since early 2024 and remains unresolved. Without this, every file in the workspace is sent to the model, creating privacy and compliance risks for teams handling secrets.
Why This Matters
Codex reads your entire project context. If you have a .env file with API keys or a config/ directory with secrets, Codex ingests them. This is a compliance risk under SOC 2 or HIPAA. The issue has 370 upvotes on Hacker News, showing widespread demand.
Current State of the Issue
The GitHub thread shows maintainers acknowledged the request but haven't shipped a solution. The last official comment from OpenAI was in mid-2024, saying they are "exploring options." No ETA. The issue is labeled "enhancement" but not prioritized.
// stay current
AI & ML insights, weekly
Practical deep-dives on LLMs, developer tools, and AI engineering. No filler. Unsubscribe any time.
// written byFIG. AUTH-01
538
Mahmudul Haque Qudrati
CEO & ML Engineer
CEO and ML Engineer at Pristren. Builds AI-powered software for teams and writes about machine learning, LLMs, developer tools, and practical AI applications.
Manual file exclusion via .gitignore: Some users symlink their project to a temp directory, stripping out sensitive files before invoking Codex. This is brittle and error-prone.
Custom wrapper scripts: A common pattern is a shell script that copies the project to /tmp/codex-context, deletes sensitive paths, then runs Codex. Example:
Environment variable injection: Some users rely on Codex's ability to read environment variables, but this doesn't prevent file scanning - it only masks values at runtime.
Third-party tools: Tools like git-secrets or truffleHog can scan for secrets before running Codex, but they don't prevent the API call from including them.
Why OpenAI Hasn't Fixed It
Speculation: The feature may be non-trivial because Codex's context window is built from the filesystem tree. Adding exclusion logic requires changes to the file scanning pipeline, which could affect performance. Also, OpenAI may be prioritizing agentic features (like Codex Sandbox) over this. But the lack of progress frustrates users who need it for production.
What This Means for Your Workflow
If you're using Codex in a CI/CD pipeline or with sensitive repos, you must implement a workaround. The risk of accidental data leakage is real. For example, a developer at a fintech startup accidentally sent a .env.production file with database credentials to Codex - the logs were stored on OpenAI's servers. That's a breach.
Alternatives to Consider
Local models: If exclusion is critical, consider running a local model like Code Llama or StarCoder. They don't send data anywhere. The tradeoff is lower quality and higher hardware cost.
Cursor: Cursor IDE has built-in file exclusion rules for its AI features. It's a paid product but handles this out of the box.
GitHub Copilot: Copilot ignores files listed in .copilotignore. It's not perfect but exists.
The Bottom Line
Issue #2847 is a symptom of a larger gap: AI coding tools assume you want to share everything. For production teams, that's not acceptable. Until OpenAI ships a solution, you must build your own guardrails. The workarounds above are pragmatic but not ideal. If this feature is a dealbreaker, evaluate alternatives.
If you need a tool that respects your file boundaries, try Zlyqor. It's built for production teams that need control over context. Sign up at app.zlyqor.com.
Frequently Asked Questions
What is the OpenAI Codex issue #2847 about?
It's a GitHub issue requesting a way to exclude sensitive files (like .env, credentials) from being sent to Codex as context. The issue remains open with no official solution from OpenAI.
How can I exclude sensitive files from Codex right now?
You can use workarounds like a custom wrapper script that copies your project to a temp directory, excluding sensitive files via rsync or cp. Or use tools like .gitignore-based symlinks. None are built-in.
Why hasn't OpenAI fixed this issue?
Likely due to complexity in the file scanning pipeline and competing priorities. OpenAI has acknowledged the request but hasn't provided an ETA.
What are the risks of not excluding sensitive files?
Sending secrets (API keys, passwords, private keys) to OpenAI's servers can lead to data breaches, compliance violations (SOC 2, HIPAA), and exposure of intellectual property.
Are there alternatives to Codex that support file exclusion?
Yes. Cursor IDE has built-in exclusion rules. GitHub Copilot supports .copilotignore. Local models like Code Llama don't send data externally.
Is there a way to vote or push for this feature?
You can upvote the GitHub issue and comment. However, OpenAI hasn't indicated that community votes directly influence priority.
Will Zlyqor solve this problem?
Zlyqor is designed with context control in mind, allowing you to define which files are included. It's a viable alternative for teams that need strict boundaries.