Bug: Electron app cannot read AZURE_API_KEY from shell environment when using Codex CLI config

Description

When using Codex CLI through the desktop app, the CLI configuration references an API key via an environment variable:

env_key = "AZURE_API_KEY"

However, the Electron desktop application cannot access environment variables defined in shell configuration files such as ~/.zshrc. As a result, Codex CLI fails with the error:

Missing environment variable: AZURE_API_KEY

This occurs even though the variable is correctly defined and works when running Codex CLI directly from the terminal.

Codex CLI configuration

Location:

~/.codex/config.toml

Configuration:

# Default profile
profile = "gpt53"

[profiles.gpt53]
model = "gpt-5.3-codex"
model_provider = "azure"
model_reasoning_effort = "high"
approval_policy = "on-request"
sandbox_mode = "workspace-write"
personality = "friendly"

[model_providers.azure]
name = "Azure Serverless"
base_url = "https://someservice.azure.com/openai"
env_key = "AZURE_API_KEY"
wire_api = "responses"

[model_providers.azure.query_params]
api-version = "2025-04-01-preview"

[tui]
animations = true
notifications = true

[mcp_servers.shadcn]
command = "npx"
args = ["shadcn@latest", "mcp"]

[notice.model_migrations]
"gpt-5.1-codex-mini" = "gpt-5.3-codex"

Steps to reproduce

1. Add the API key to the shell environment (e.g. ~/.zshrc):

export AZURE_API_KEY=your_key

2. Verify it works in the terminal:

echo $AZURE_API_KEY

3. Launch the Electron desktop app.
4. Run a Codex CLI action that uses the Azure provider.

Actual behavior

The CLI returns:

Missing environment variable: AZURE_API_KEY

Expected behavior

The desktop application should allow environment variables defined in the user environment to be available to the Codex CLI process, or provide a supported mechanism (e.g., .env support or environment variable configuration in the app settings).

Workarounds

Currently the issue can be bypassed by:

Option 1 — Using launchctl:

launchctl setenv AZURE_API_KEY <key>

Option 2 — Adding the API key directly in config.toml:

api_key = "your_key"

Minimal reproducible example

The issue can be reproduced with the following minimal configuration:

[profiles.test]
model = "gpt-5.3-codex"
model_provider = "azure"

[model_providers.azure]
base_url = "https://example.azure.com/openai"
env_key = "AZURE_API_KEY"

Launching the Electron app without setting the variable via launchctl results in the environment variable not being detected.

Environment

• OS: macOS
• Shell: zsh
• App type: Electron desktop app invoking Codex CLI
• Codex CLI config location: ~/.codex/config.toml
• Node runtime (Electron): inherits environment from launchd