Sign in with your ChatGPT account
Codex is installed but doesn't know who you are yet. Same as the Claude CLI, it needs you to sign in once. Type:
codex login
Your browser opens to an OpenAI sign-in page. You sign in with your ChatGPT account, the same login you'd use at chatgpt.com. If you don't have one, the page lets you create one; a free account is enough to sign in. You approve the CLI's access, the page tells you it's done, and you go back to the terminal signed in.
You can also just run codex to start, and on a first run with no
sign-in it walks you into the same flow. Either way lands in the same
place.
If the browser step won't work
Sometimes the browser sign-in can't run, most often when you're working
on a machine with no browser, like a remote server. Codex documents
three real fallbacks (verified via codex login --help and OpenAI's
public Codex CLI reference):
codex login --device-auth
OAuth device-code flow: prints a short code and a web address. Open the address on any device that does have a browser, type the code, and the CLI is signed in.
printenv OPENAI_API_KEY | codex login --with-api-key
Reads an API key from stdin — clean for CI and shell pipelines.
printenv CODEX_ACCESS_TOKEN | codex login --with-access-token
Reads an OAuth access token from stdin — useful when you've minted a short-lived token elsewhere. Three named flags; one of them will fit whatever shape your remote environment has.
Same shape as before
Notice this is the Claude CLI sign-in again with the labels swapped. A
browser opens, you prove who you are on a page you trust, you approve,
the CLI gets a token and saves it, and it stops asking. You learned why
that token-not-password design is the safe one back in the Claude
chapter, and it's true here too. Run codex login now and finish the
browser step.