Want Codex, Claude Code, or other coding agents authenticated every time you work inside a box? Store a personal developer profile in the dashboard and sync it into a deployment user’s shared home directory. The profile is scoped to your dashboard user and Zomg profile. When you sync it, Zomg writes managed files under /home/<user> for the selected user. That home directory lives on the deployment-global home volume — the same /home/<user> in every box in every project — and survives box deletion.
This is different from writing credentials into /root. Root’s home lives in the box root filesystem and is deleted with the box. A user’s /home/<user> is deployment-wide persistent state.

What gets synced

The dashboard sync writes these files into the target user’s home:
PurposePath
Managed environment variables~/.config/zomg/profile.env
Managed shell startup file~/.config/zomg/profile.sh
Codex auth~/.codex/auth.json
Codex config~/.codex/config.toml
Claude Code credentials~/.claude/.credentials.json
Claude Code settings~/.claude/settings.json
Claude Code global state~/.claude.json
Zomg also adds this managed block to both ~/.bashrc and ~/.profile:
# >>> zomg managed profile >>>
[ -f "$HOME/.config/zomg/profile.sh" ] && . "$HOME/.config/zomg/profile.sh"
# <<< zomg managed profile <<<
Auth files are written with 0600 permissions.

Configure the profile

Open the dashboard and go to Settings → Developer profile.
  1. Set Default user, for example alice.
  2. Add non-secret environment variables under Environment:
EDITOR=vim
GIT_EDITOR=vim
  1. Add secret environment variables under Secret environment:
ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=sk-...
  1. Use Subscription sign-in for ChatGPT or Claude subscription credentials. These are the same sign-ins used by dashboard chat, and Zomg can materialize them into the synced user home.
  2. Optionally paste any agent auth files you want Zomg to manage manually:
    • Codex auth.json for ~/.codex/auth.json
    • Codex config.toml for ~/.codex/config.toml
    • Claude credentials.json for ~/.claude/.credentials.json
    • Claude settings.json for ~/.claude/settings.json
    • Claude .claude.json for ~/.claude.json
  3. Click Save profile.
Secret values are stored server-side and are not returned to the browser after saving. The dashboard only shows whether a secret or auth file is configured.

Sync into a box

After saving the profile, sync it into a running box from the same Settings card:
  1. Enter the project name.
  2. Enter a running box name.
  3. Enter the user, or leave it as the default user.
  4. Click Sync.
Zomg creates the user if needed, then writes the managed files into that user’s shared home. Open a shell as that user:
zomg console --user alice my-box
Then check that the agent sees the expected auth:
codex
claude
For a scripted check, source the managed profile:
zomg exec --user alice my-box -- bash -lc '. ~/.config/zomg/profile.sh && env | grep -E "ANTHROPIC|OPENAI"'
Interactive shells source ~/.bashrc or ~/.profile. For non-interactive zomg exec commands, source ~/.config/zomg/profile.sh when you need the managed environment in that command.

Codex

Codex reads its login state from ~/.codex/auth.json. To use a dashboard-managed Codex login inside boxes, use ChatGPT Plus/Pro under Subscription sign-in in the developer profile. Zomg stores the resulting subscription token and, on sync, writes a Codex-compatible auth file for the target user. You can also paste a file manually:
  1. Sign in to Codex on a machine where browser login works.
  2. Copy the contents of your local ~/.codex/auth.json.
  3. Paste it into Codex auth.json in the dashboard developer profile.
  4. Sync the profile into the user.
  5. Run Codex as that user inside the box.
zomg console --user alice my-box
cd /work
codex
If you also have Codex preferences, paste your ~/.codex/config.toml into Codex config.toml.
Treat auth.json like a password. Anyone who can read it can use that login until it expires or is revoked.

Claude Code

Claude Code can authenticate with its native credential files or with environment variables. For native Claude Code auth, use Claude Pro/Max under Subscription sign-in in the developer profile. Zomg stores the resulting subscription token and, on sync, writes Claude credentials for the target user. You can also paste Claude Code files manually:
  1. Sign in to Claude Code where browser login works.
  2. Copy the relevant Claude files:
    • ~/.claude/.credentials.json
    • ~/.claude/settings.json, if you use one
    • ~/.claude.json, if needed
  3. Paste them into the matching dashboard fields.
  4. Sync the profile into the user.
  5. Run Claude Code as that user inside the box.
zomg console --user alice my-box
cd /work
claude
For API-key based Claude Code auth, add a secret environment variable instead:
ANTHROPIC_API_KEY=sk-ant-...
Then source the managed profile in non-interactive commands:
zomg exec --user alice my-box -- bash -lc '. ~/.config/zomg/profile.sh && claude --help'

Rotating or removing credentials

To replace a credential:
  1. Paste the new value into the matching dashboard field.
  2. Click Save profile.
  3. Sync the profile again.
To remove a stored auth file, click the delete button for that field, then sync again. To remove a synced file from an existing home directory immediately, delete it inside the box:
zomg exec --user alice my-box -- bash -lc 'rm -f ~/.codex/auth.json ~/.claude/.credentials.json'

When to use zomg inject

zomg inject is handy for one-off root credentials in a specific box. Reach for the dashboard developer profile when you want repeatable, per-user auth that survives box deletion and works across every box in the deployment.

Development

Connect editors and agents to boxes.

Environment

Understand users, /home, PATH, and shell startup behavior.