Want Codex, Claude Code, or other coding agents authenticated every time you work inside a box? Store a personal developer profile in the dashboard and sync it into a project user’s shared home directory. The profile is scoped to your dashboard user and Zomg profile. When you sync it, Zomg writes managed files under /home/<user> for the selected project user. That home directory is shared by every box in the project and survives box deletion.
This is different from writing credentials into /root. Root’s home lives in the box root filesystem and is deleted with the box. A project user’s /home/<user> is project-scoped persistent state.

What gets synced

The dashboard sync writes these files into the target project user’s home:
PurposePath
Managed environment variables~/.config/zomg/profile.env
Managed shell startup file~/.config/zomg/profile.sh
Codex auth~/.codex/auth.json
Codex config~/.codex/config.toml
Claude Code credentials~/.claude/.credentials.json
Claude Code settings~/.claude/settings.json
Claude Code global state~/.claude.json
Zomg also adds this managed block to both ~/.bashrc and ~/.profile:
# >>> zomg managed profile >>>
[ -f "$HOME/.config/zomg/profile.sh" ] && . "$HOME/.config/zomg/profile.sh"
# <<< zomg managed profile <<<
Auth files are written with 0600 permissions.

Configure the profile

Open the dashboard and go to Settings → Developer profile.
  1. Set Default project user, for example alice.
  2. Add non-secret environment variables under Environment:
EDITOR=vim
GIT_EDITOR=vim
  1. Add secret environment variables under Secret environment:
ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=sk-...
  1. Use Subscription sign-in for ChatGPT or Claude subscription credentials. These are the same sign-ins used by dashboard chat, and Zomg can materialize them into the synced project-user home.
  2. Optionally paste any agent auth files you want Zomg to manage manually:
    • Codex auth.json for ~/.codex/auth.json
    • Codex config.toml for ~/.codex/config.toml
    • Claude credentials.json for ~/.claude/.credentials.json
    • Claude settings.json for ~/.claude/settings.json
    • Claude .claude.json for ~/.claude.json
  3. Click Save profile.
Secret values are stored server-side and are not returned to the browser after saving. The dashboard only shows whether a secret or auth file is configured.

Sync into a box

After saving the profile, sync it into a running box from the same Settings card:
  1. Enter the project name.
  2. Enter a running box name.
  3. Enter the project user, or leave it as the default user.
  4. Click Sync.
Zomg creates the project user if needed, then writes the managed files into that user’s shared home. Open a shell as that user:
zomg console --user alice my-box
Then check that the agent sees the expected auth:
codex
claude
For a scripted check, source the managed profile:
zomg exec --user alice my-box -- bash -lc '. ~/.config/zomg/profile.sh && env | grep -E "ANTHROPIC|OPENAI"'
Interactive shells source ~/.bashrc or ~/.profile. For non-interactive zomg exec commands, source ~/.config/zomg/profile.sh when you need the managed environment in that command.

Codex

Codex reads its login state from ~/.codex/auth.json. To use a dashboard-managed Codex login inside boxes, use ChatGPT Plus/Pro under Subscription sign-in in the developer profile. Zomg stores the resulting subscription token and, on sync, writes a Codex-compatible auth file for the project user. You can also paste a file manually:
  1. Sign in to Codex on a machine where browser login works.
  2. Copy the contents of your local ~/.codex/auth.json.
  3. Paste it into Codex auth.json in the dashboard developer profile.
  4. Sync the profile into the project user.
  5. Run Codex as that user inside the box.
zomg console --user alice my-box
cd /work
codex
If you also have Codex preferences, paste your ~/.codex/config.toml into Codex config.toml.
Treat auth.json like a password. Anyone who can read it can use that login until it expires or is revoked.

Claude Code

Claude Code can authenticate with its native credential files or with environment variables. For native Claude Code auth, use Claude Pro/Max under Subscription sign-in in the developer profile. Zomg stores the resulting subscription token and, on sync, writes Claude credentials for the project user. You can also paste Claude Code files manually:
  1. Sign in to Claude Code where browser login works.
  2. Copy the relevant Claude files:
    • ~/.claude/.credentials.json
    • ~/.claude/settings.json, if you use one
    • ~/.claude.json, if needed
  3. Paste them into the matching dashboard fields.
  4. Sync the profile into the project user.
  5. Run Claude Code as that user inside the box.
zomg console --user alice my-box
cd /work
claude
For API-key based Claude Code auth, add a secret environment variable instead:
ANTHROPIC_API_KEY=sk-ant-...
Then source the managed profile in non-interactive commands:
zomg exec --user alice my-box -- bash -lc '. ~/.config/zomg/profile.sh && claude --help'

Rotating or removing credentials

To replace a credential:
  1. Paste the new value into the matching dashboard field.
  2. Click Save profile.
  3. Sync the profile again.
To remove a stored auth file, click the delete button for that field, then sync again. To remove a synced file from an existing home directory immediately, delete it inside the box:
zomg exec --user alice my-box -- bash -lc 'rm -f ~/.codex/auth.json ~/.claude/.credentials.json'

When to use zomg inject

zomg inject is handy for one-off root credentials in a specific box. Reach for the dashboard developer profile when you want repeatable, project-user based auth that survives box deletion and works across boxes in the same project.

Development

Connect editors and agents to boxes.

Environment

Understand project users, /home, PATH, and shell startup behavior.