security.md Codex Docs, 2026-02-20 12:16 UTC → 2026-02-21 00:33 UTC

89 89 

90#### Configuration in `config.toml`90#### Configuration in `config.toml`

91 91 

92For the broader configuration workflow, see [Config basics](https://developers.openai.com/codex/config-basic), [Advanced Config](https://developers.openai.com/codex/config-advanced#approval-policies-and-sandbox-modes), and the [Configuration Reference](https://developers.openai.com/codex/config-reference).

93 

92```94```

93# Always ask for approval mode95# Always ask for approval mode

94approval_policy = "untrusted"96approval_policy = "untrusted"

228 230 

229## Managed configuration231## Managed configuration

230 232 

231Enterprise admins can control local Codex behavior in two ways:233Enterprise admins can control local Codex behavior in two ways. For the exact key list, see the [`requirements.toml` section in Configuration Reference](https://developers.openai.com/codex/config-reference#requirementstoml):

232 234 

233- **Requirements**: admin-enforced constraints that users can’t override.235- **Requirements**: admin-enforced constraints that users can’t override.

234- **Managed defaults**: starting values applied when Codex launches. Users can still change settings during a session; Codex reapplies managed defaults the next time it starts.236- **Managed defaults**: starting values applied when Codex launches. Users can still change settings during a session; Codex reapplies managed defaults the next time it starts.