You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/config.md
+20Lines changed: 20 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -174,6 +174,26 @@ Number of times Codex will attempt to reconnect when a streaming response is int
174
174
175
175
How long Codex will wait for activity on a streaming response before treating the connection as lost. Defaults to `300_000` (5 minutes).
176
176
177
+
#### TLS and mTLS configuration
178
+
179
+
Model providers accept an optional `tls` block for custom CA certificates or mutual TLS. Relative paths are resolved against `~/.codex/`:
180
+
181
+
```toml
182
+
[model_providers.my-secure-provider.tls]
183
+
ca-certificate = "certs/ca.pem"
184
+
client-certificate = "certs/client.pem"
185
+
client-private-key = "certs/client-key.pem"
186
+
```
187
+
188
+
Paths can also be read from environment variables (which take precedence if set):
189
+
190
+
```toml
191
+
[model_providers.my-secure-provider.tls]
192
+
ca-certificate-env = "MY_CA_CERT_PATH"
193
+
client-certificate-env = "MY_CLIENT_CERT_PATH"
194
+
client-private-key-env = "MY_CLIENT_KEY_PATH"
195
+
```
196
+
177
197
### model_provider
178
198
179
199
Identifies which provider to use from the `model_providers` map. Defaults to `"openai"`. You can override the `base_url` for the built-in `openai` provider via the `OPENAI_BASE_URL` environment variable.
0 commit comments