OpenAI Codex CLI
Add usage tracking, cost controls, and security guardrails to your Codex CLI deployment
OpenAI Codex CLI is a lightweight coding agent that runs directly in your terminal, letting you interact with AI to analyze, modify, and execute code in your projects. While Codex delivers powerful code generation and execution capabilities, Portkey adds essential enterprise controls for production deployments:
- Unified AI Gateway - Single interface for 250+ LLMs with API key management (beyond Codex’s default model options)
- Centralized AI observability: Real-time usage tracking for 40+ key metrics and logs for every request
- Governance - Real-time spend tracking, set budget limits and RBAC in your Codex setup
- Security Guardrails - PII detection, content filtering, and compliance controls
This guide will walk you through integrating Portkey with OpenAI Codex CLI and setting up essential enterprise features including usage tracking, access controls, and budget management.
If you are an enterprise looking to use Codex CLI in your organization, check out this section.
1. Setting up Portkey
Portkey allows you to use 1600+ LLMs with your OpenAI Codex setup, with minimal configuration required. Let’s set up the core components in Portkey that you’ll need for integration.
Create an Integration
Navigate to the Integrations section on Portkey’s Sidebar. This is where you’ll connect your LLM providers.
- Find your preferred provider (e.g., OpenAI, Anthropic, etc.)
- Click Connect on the provider card
- In the “Create New Integration” window:
- Enter a Name for reference
- Enter a Slug for the integration
- Enter your API Key and other provider specific details for the provider
- Click Next Step
In your next step you’ll see workspace provisioning options. You can select the default “Shared Team Workspace” if this is your first time OR chose your current one.
Configure Models
On the model provisioning page:
- Leave all models selected (or customize)
- Toggle Automatically enable new models if desired
Click Create Integration to complete the integration
Copy the Provider Slug
Once your Integration is created:
- Go to Model Catalog → Models tab
- Find and click on you your model button (if your model is not visible, you need to edit your integration from the last step)
- Copy the slug (e.g.,
@openai-dev/gpt-4o)
We recommend clicking the Run Test Request button on this step to verify your integration. If you see the error: You do not have enough permissions to execute this request, you’ll need to create a User API Key for this step to work properly.
You can create one here. You should be able to see simple chat request output on this step.
This is your unique identifier - you’ll need it for the next step. This slug is basically @your-provider-slug/your-model-name
Create Default Config
Portkey’s config is a JSON object used to define routing rules for requests to your gateway. You can create these configs in the Portkey app and reference them in requests via the config ID. For this setup, we’ll create a simple config using your provider (OpenAI) and model (gpt-4o).
- Go to Configs in Portkey dashboard
- Create new config with:
- Save and note the Config ID & Name for the next step
Configure Portkey API Key
Finally, create a Portkey API key:
- Go to API Keys in Portkey
- Create new API key
- Select the config that you create from previous step
- Generate and save your API key
Save your API key securely - you’ll need it for OpenAI Codex integration.
🎉 Voila, Setup complete! You now have everything needed to integrate Portkey with your application.
2. Integrate Portkey with OpenAI Codex CLI
Now that you have your Portkey components set up, let’s connect them to OpenAI Codex CLI. The integration leverages Codex’s provider configuration options to route all requests through Portkey’s AI Gateway.
You need your Portkey API Key from Step 1 before going further.
Using Portkey Configuration File
OpenAI Codex CLI supports a configuration file where you can specify your AI provider settings. Let’s set up this configuration to use Portkey:
- Create or edit the Codex configuration file at
~/.codex/config.json:
- Set your Portkey API key as an environment variable:
Note: This command sets the key only for your current terminal session. You can add the
exportline to your shell’s configuration file (e.g.,~/.zshrc) for persistence, or place it in a.envfile at the root of your project.
- Test your integration:
3. Set Up Enterprise Governance for OpenAI Codex
Why Enterprise Governance? If you are using OpenAI Codex inside your orgnaization, you need to consider several governance aspects:
- Cost Management: Controlling and tracking AI spending across teams
- Access Control: Managing team access and workspaces
- Usage Analytics: Understanding how AI is being used across the organization
- Security & Compliance: Maintaining enterprise security standards
- Reliability: Ensuring consistent service across all users
- Model Management: Managing what models are being used in your setup
Portkey adds a comprehensive governance layer to address these enterprise
Enterprise Implementation Guide
Step 1: Implement Budget Controls & Rate Limits
Step 1: Implement Budget Controls & Rate Limits
Step 1: Implement Budget Controls & Rate Limits
Model Catalog enables you to have granular control over LLM access at the team/department level. This helps you:
- Set up budget limits
- Prevent unexpected usage spikes using Rate limits
- Track departmental spending
Setting Up Department-Specific Controls:
- Navigate to Model Catalog in Portkey dashboard
- Create new Provider for each engineering team with budget limits and rate limits
- Configure department-specific limits
Step 2: Define Model Access Rules
Step 2: Define Model Access Rules
Step 2: Define Model Access Rules
As your AI usage scales, controlling which teams can access specific models becomes crucial. You can simply manage AI models in your org by provisioning model at the top integration level.
Step 4: Set Routing Configuration
Step 4: Set Routing Configuration
Portkey allows you to control your routing logic very simply with it’s Configs feature. Portkey Configs provide this control layer with things like:
- Data Protection: Implement guardrails for sensitive code and data
- Reliability Controls: Add fallbacks, load-balance, retry and smart conditional routing logic
- Caching: Implement Simple and Semantic Caching. and more…
Example Configuration:
Here’s a basic configuration to load-balance requests to OpenAI and Anthropic:
Create your config on the Configs page in your Portkey dashboard. You’ll need the config ID for connecting to OpenAI Codex’s setup.
Configs can be updated anytime to adjust controls without affecting running applications.
Step 4: Implement Access Controls
Step 4: Implement Access Controls
Step 3: Implement Access Controls
Create User-specific API keys that automatically:
- Track usage per developer/team with the help of metadata
- Apply appropriate configs to route requests
- Collect relevant metadata to filter logs
- Enforce access permissions
Create API keys through:
Example using Python SDK:
For detailed key management instructions, see our API Keys documentation.
Step 5: Deploy & Monitor
Step 5: Deploy & Monitor
Step 4: Deploy & Monitor
After distributing API keys to your engineering teams, your enterprise-ready OpenAI Codex setup is ready to go. Each developer can now use their designated API keys with appropriate access levels and budget controls. Apply your governance setup using the integration steps from earlier sections Monitor usage in Portkey dashboard:
- Cost tracking by engineering team
- Model usage patterns for AI agent tasks
- Request volumes
- Error rates and debugging logs
Enterprise Features Now Available
Codex CLI now has:
- Departmental budget controls
- Model access governance
- Usage tracking & attribution
- Security guardrails
- Reliability features
Portkey Features
Now that you have enterprise-grade Codex CLI setup, let’s explore the comprehensive features Portkey provides to ensure secure, efficient, and cost-effective AI operations.
1. Comprehensive Metrics
Using Portkey you can track 40+ key metrics including cost, token usage, response time, and performance across all your LLM providers in real time. You can also filter these metrics based on custom metadata that you can set in your configs. Learn more about metadata here.
2. Advanced Logs
Portkey’s logging dashboard provides detailed logs for every request made to your LLMs. These logs include:
- Complete request and response tracking
- Metadata tags for filtering
- Cost attribution and much more…
3. Unified Access to 250+ LLMs
You can easily switch between 250+ LLMs. Call various LLMs such as Anthropic, Gemini, Mistral, Azure OpenAI, Google Vertex AI, AWS Bedrock, and many more by simply changing the virtual_key in your default config object.
4. Advanced Metadata Tracking
Using Portkey, you can add custom metadata to your LLM requests for detailed tracking and analytics. Use metadata tags to filter logs, track usage, and attribute costs across departments and teams.
Custom Metadata
5. Enterprise Access Management
Budget Controls
Set and manage spending limits across teams and departments. Control costs with granular budget limits and usage tracking.
Single Sign-On (SSO)
Enterprise-grade SSO integration with support for SAML 2.0, Okta, Azure AD, and custom providers for secure authentication.
Organization Management
Hierarchical organization structure with workspaces, teams, and role-based access control for enterprise-scale deployments.
Access Rules & Audit Logs
Comprehensive access control rules and detailed audit logging for security compliance and usage tracking.
6. Reliability Features
Fallbacks
Automatically switch to backup targets if the primary target fails.
Conditional Routing
Route requests to different targets based on specified conditions.
Load Balancing
Distribute requests across multiple targets based on defined weights.
Caching
Enable caching of responses to improve performance and reduce costs.
Smart Retries
Automatic retry handling with exponential backoff for failed requests
Budget Limits
Set and manage budget limits across teams and departments. Control costs with granular budget limits and usage tracking.
7. Advanced Guardrails
Protect your Codex CLI’s data and enhance reliability with real-time checks on LLM inputs and outputs. Leverage guardrails to:
- Prevent sensitive data leaks
- Enforce compliance with organizational policies
- PII detection and masking
- Content filtering
- Custom security rules
- Data compliance checks
Guardrails
Implement real-time protection for your LLM interactions with automatic detection and filtering of sensitive content, PII, and custom security rules. Enable comprehensive data protection while maintaining compliance with organizational policies.
FAQs
How do I update my Virtual Key limits after creation?
How do I update my Virtual Key limits after creation?
You can update your Virtual Key limits at any time from the Portkey dashboard:1. Go to Virtual Keys section2. Click on the Virtual Key you want to modify3. Update the budget or rate limits4. Save your changes
Can I use multiple LLM providers with the same API key?
Can I use multiple LLM providers with the same API key?
Yes! You can create multiple Virtual Keys (one for each provider) and attach them to a single config. This config can then be connected to your API key, allowing you to use multiple providers through a single API key.
How do I track costs for different teams?
How do I track costs for different teams?
Portkey provides several ways to track team costs:
- Create separate Virtual Keys for each team
- Use metadata tags in your configs
- Set up team-specific API keys
- Monitor usage in the analytics dashboard
What happens if a team exceeds their budget limit?
What happens if a team exceeds their budget limit?
When a team reaches their budget limit:
- Further requests will be blocked
- Team admins receive notifications
- Usage statistics remain available in dashboard
- Limits can be adjusted if needed
Can I use Portkey with the open source version of Codex CLI?
Can I use Portkey with the open source version of Codex CLI?
Yes! Portkey fully integrates with OpenAI’s open source Codex CLI. This gives you the flexibility to leverage both the power of open source with the enterprise controls of Portkey.
Next Steps
Join our Community
For enterprise support and custom features, contact our enterprise team.