Logging out of the Codex CLI clears cached sign-in details from the local machine, which helps reduce accidental access from shared terminals and workstations. It is also useful when switching accounts or completing a credential rotation.
The CLI and IDE extension share cached credentials stored in the OS credential store or /~/.codex/auth.json for file-based storage. Running codex logout removes the cached session so subsequent commands return to an unauthenticated state.
Logging out only affects the local machine state and does not revoke server-side credentials such as API keys or previously issued tokens. If compromise is suspected, revoke or rotate credentials at the source and confirm the CLI shows an unauthenticated status after logout.
Related: How to log in to Codex with device auth
Related: How to check Codex login status
Steps to log out of Codex:
- Exit any active interactive session before logging out.
/exit
- Remove stored authentication credentials.
$ codex logout Successfully logged out
Repeat in each user account that previously authenticated on the same machine.
- Confirm the CLI is no longer authenticated.
$ codex login status Not logged in
- Run a simple command to confirm the CLI requires a fresh login.
$ codex exec --skip-git-repo-check "Return OK." ERROR: unexpected status 401 Unauthorized:
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
