OpenAI Codex plugin
MCP plus skills for Codex CLI and IDE — same repository as this site.
On this page
Who this is for
Codex plugins bundle an MCP server and reusable skills. Use PrivateNote when Codex needs to create encrypted handoff links during agent workflows.
For secrets the agent must not see, use the VS Code extension in the Codex IDE instead of pasting credentials into chat.
Install in Codex
# One-liner codex mcp add privatenote -- npx -y privatenote-mcp # Or edit ~/.codex/config.toml: # or edit the file directly [mcp_servers.privatenote] command = "npx" args = ["-y", "privatenote-mcp"] enabled = true
Trust model
Codex uses the same encryption boundary as every other integration: local encryption, ciphertext upload, key in the URL fragment.
For cryptographic primitives and the full architecture, see How it works and the end-to-end encryption guide linked below.
Encrypt locally
AES-256-GCM on your device — browser, editor, terminal, or MCP process.
Upload ciphertext
Only encrypted bytes and note metadata (expiry, burn-after-reading) reach the server.
Key in #fragment
The decryption key stays in the URL hash. Browsers do not send fragments in HTTP requests.
privatenote.ai/note/…#key
Bundled plugin marketplace: .agents/plugins/marketplace.json in the repo.
Skills teach Codex when and how to call create_private_note.
Prefer the editor extension when the secret must not enter the model context.
Codex configuration
| Name | Description |
|---|---|
| codex mcp add | CLI helper to register the MCP server |
| [mcp_servers.privatenote] | TOML block in ~/.codex/config.toml |
| privatenote-mcp | npm package run via npx |
| VS Code extension | Use in Codex IDE for secrets the agent never sees |
Related integrations
PrivateNote CLI
Zero-footprint secrets in scripts, pipes, and CI — encrypted locally before anything reaches the network.
View docsVS Code, Cursor & Codex IDE
The primary developer entry point — compose, configure, and share without switching context.
View docsMCP server for AI agents
Let agents hand off secrets securely — encryption runs locally in the MCP process.
View docsChrome extension
Encrypt selected text in the browser without opening privatenote.ai — same client-side flow, fewer context switches.
View docsOpenAI Codex plugin
MCP plus skills for Codex CLI and IDE — same repository as this site.