
Codex Enterprise Security Features

Security controls built for regulated industries — on-premise deployment, SSO, audit logging, and data residency for organizations that cannot compromise.

Security Architecture

Codex security begins at the architecture level — defense in depth across every layer of the platform.

Codex Enterprise security is designed for organizations operating under regulatory frameworks including SOC 2, HIPAA, and FedRAMP. The platform implements defense in depth: network isolation through VPC deployment, encryption at rest using AES-256, encryption in transit using TLS 1.3, application-layer authentication with short-lived tokens, and infrastructure hardened against the CIS Benchmarks. Customer code is logically isolated at the application layer and physically isolated in dedicated on-premise deployments. Codex never uses customer code to train or improve its models — this constraint is enforced architecturally, not just contractually.

Independent penetration tests are conducted quarterly by accredited security firms. Results are published in the security compliance center alongside remediation timelines. The vulnerability disclosure program accepts reports from external researchers with a published SLA for acknowledgment and resolution. The National Institute of Standards and Technology provides cybersecurity framework guidance that informs the Codex security program design and control selection.

Enterprise Security Features

Every control regulated enterprises need — available on the Enterprise plan.

| Security Feature      | Starter | Professional | Enterprise              |
|-----------------------|---------|--------------|-------------------------|
| Encryption in Transit | TLS 1.3 | TLS 1.3      | TLS 1.3 + mTLS          |
| Encryption at Rest    | AES-256 | AES-256      | AES-256 + CMK           |
| SSO/SAML              |         |              | SAML 2.0, OIDC, SCIM    |
| RBAC                  | Basic   | Team Roles   | Custom Roles            |
| Audit Logging         |         |              | Immutable + SIEM Export |
| Data Residency        |         |              | Multi-Region            |
| On-Premise Deployment |         |              | Full Platform           |
| Penetration Testing   |         |              | Quarterly Reports       |
| Compliance Reports    |         |              | SOC 2, HIPAA BAA        |
| Private Link / VPC    |         |              | AWS, Azure, GCP         |

On-Premise Deployment

The full Codex platform running inside your network perimeter — no code leaves your infrastructure.

The on-premise deployment option packages the entire Codex platform as a Kubernetes-based appliance that runs within your VPC or physical data center. All components — the API gateway, inference engine, code analysis pipeline, and databases — operate inside your network boundary. The appliance requires no outbound internet connectivity after initial deployment: model updates and platform patches are delivered as signed offline update packages that you transfer via your existing secure media processes.

Deployment topology is flexible. Organizations can run Codex on AWS using PrivateLink endpoints, on Azure behind Azure Private Link, or on GCP with VPC Service Controls. On-premise deployments in physical data centers use the same Kubernetes operator and are validated against vanilla Kubernetes 1.28+ on certified distributions including OpenShift and Rancher. The deployment guide includes Terraform modules and Helm charts that provision the full stack with your organization's encryption keys, certificate authorities, and network policies.

Identity and Access Management

Integrate Codex with your existing identity provider — SAML, OIDC, and SCIM provisioning in one configuration.

Codex Enterprise integrates with your identity provider through SAML 2.0 and OpenID Connect. Once configured, users authenticate with their existing corporate credentials — no separate Codex passwords to manage or rotate. SCIM provisioning automates user lifecycle: when a developer joins your organization in the identity provider, they gain Codex access automatically. When they leave, access is revoked within minutes. The integration supports Just-in-Time provisioning for SAML and on-demand sync for SCIM.

Role-based access control provides fine-grained permissions. Pre-built roles include Platform Administrator, Team Lead, Developer, and Read-Only Auditor. Custom roles let you define permissions at the action level — for example, a role that can generate code and run reviews but cannot modify project configuration or access billing information. All role assignments and permission changes are captured in the immutable audit log. Temporary access grants with automatic expiration are available for contractors and short-term collaborators.

Audit Logging and SIEM Integration

Every action recorded, immutable, and exportable — audit logs serve compliance, security, and operational needs simultaneously.

Codex Enterprise captures an audit event for every action in the platform. Each event includes a timestamp with microsecond precision, the authenticated user identity, the action performed, the target resource, the source IP address, and the outcome. Logs are written to an append-only store — once written, an event cannot be modified or deleted. Retention periods are configurable by your organization and can be set to meet specific regulatory requirements.

Audit logs export to your SIEM through a streaming API that delivers events in JSON format within seconds of generation. Native integrations exist for Splunk, Datadog, and Elastic. Custom SIEM destinations are supported through a configurable webhook that signs each event payload with HMAC-SHA256 for integrity verification. The audit log schema is documented in the API reference with example queries for common compliance use cases: listing all access grants in a time window, identifying failed authentication attempts, and producing a complete activity trail for a specific resource.
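The receiving side of the signed webhook, as an added example that is not Codex's own code: it verifies the HMAC-SHA256 over the raw event bytes with a constant-time comparison and rejects a payload in which a single field was altered. The header name, hex encoding of the signature, and the shared secret are assumptions; the real values are whatever the API reference documents.

```python
import hashlib
import hmac
import json

# Placeholder secret: in a real deployment the shared secret is issued when the
# webhook destination is configured. Header name and hex encoding are assumptions.
WEBHOOK_SECRET = b"example-shared-secret-placeholder"
SIGNATURE_HEADER = "X-Codex-Signature"  # hypothetical header name

def sign_payload(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 over the raw request body (assumed signing scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_event(headers: dict, body: bytes, secret: bytes = WEBHOOK_SECRET):
    """Return the parsed audit event if the signature verifies, otherwise None.

    The HMAC is checked over the bytes exactly as received; re-serialising the
    JSON first would change whitespace or key order and invalidate the MAC.
    """
    provided = headers.get(SIGNATURE_HEADER, "")
    expected = sign_payload(secret, body)
    # compare_digest keeps the comparison constant-time regardless of where it differs.
    if not hmac.compare_digest(provided, expected):
        return None
    return json.loads(body)

# Constructed sample event using the fields the page lists for each audit record.
SAMPLE_EVENT = {
    "timestamp": "2024-05-01T12:00:00.000123Z",
    "user": "dev@example.com",
    "action": "role.assign",
    "resource": "project/payments",
    "source_ip": "203.0.113.10",
    "outcome": "success",
}
SAMPLE_BODY = json.dumps(SAMPLE_EVENT, separators=(",", ":")).encode()
SAMPLE_HEADERS = {SIGNATURE_HEADER: sign_payload(WEBHOOK_SECRET, SAMPLE_BODY)}

def demo():
    """Accept the genuine payload; reject the same payload with one field altered."""
    genuine = verify_event(SAMPLE_HEADERS, SAMPLE_BODY) is not None
    tampered = SAMPLE_BODY.replace(b'"success"', b'"failure"')
    forged = verify_event(SAMPLE_HEADERS, tampered) is not None
    return genuine, forged

if __name__ == "__main__":
    print(demo())  # (True, False)
```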

Data Residency and Sovereignty

Process and store code in specific geographic regions — Codex respects data residency requirements at the infrastructure level.

Codex Enterprise supports data residency controls that pin all processing and storage to designated geographic regions. Available regions include North America (us-east, us-west), Europe (eu-west, eu-central), and Asia-Pacific (ap-northeast, ap-southeast). When data residency is configured, the code you send to Codex for generation and review never leaves the specified region — not for processing, not for storage, not for backup. This is enforced through infrastructure-level controls, not just routing configuration.

For organizations subject to data sovereignty regulations, the on-premise deployment model provides the strongest guarantee: all data remains within your physical infrastructure under your exclusive control. The cloud deployment with data residency is suitable for organizations that require geographic restrictions but do not need full on-premise isolation. Both models support customer-managed encryption keys (CMK) — Codex never has access to your encryption keys, so even platform administrators cannot access your code in decrypted form.

Compliance Certifications

SOC 2 Type II certified, HIPAA-ready with BAA, FedRAMP in process — compliance documentation available for your security review.

Codex maintains SOC 2 Type II certification with an unqualified opinion from an accredited AICPA auditor. The SOC 2 report covers the Security and Availability Trust Service Criteria. HIPAA compliance is supported through a Business Associate Agreement available to Enterprise customers in healthcare — the BAA covers code review and generation workflows that may process protected health information in code comments and test fixtures. FedRAMP Moderate authorization is in process with a target completion within the current fiscal year.

Compliance documentation — including the SOC 2 report, penetration test summaries, and security architecture whitepaper — is available to Enterprise prospects under NDA. The security compliance center in the Codex dashboard provides current customers with real-time access to compliance artifacts, certificate status, and the vulnerability disclosure program. Organizations with custom compliance requirements can engage the Codex security team for additional controls, custom audit scoping, and dedicated compliance support through the Enterprise support channel.

Frequently Asked Questions

Does Codex support on-premise deployment for enterprise security?

Yes — the full Codex platform runs as a Kubernetes appliance inside your VPC or data center with no outbound internet requirement.

The on-premise Codex appliance packages every platform component into a single deployable unit managed through Kubernetes. It runs on AWS, Azure, GCP, or physical data centers using certified Kubernetes distributions. After initial deployment, the appliance requires no outbound connectivity — updates are delivered as offline packages. This model is designed for defense contractors, financial institutions, and healthcare organizations that cannot send source code to external services under any circumstances. Deployment typically takes two to four weeks including infrastructure provisioning, network configuration, and acceptance testing. The Codex solutions architecture team provides deployment support as part of the Enterprise plan.

What identity providers does Codex SSO support?

SAML 2.0 and OpenID Connect against Okta, Azure AD, Ping Identity, and any standards-compliant IdP — with SCIM for automated provisioning.

Codex Enterprise identity integration uses standard protocols to ensure compatibility with your existing identity stack. SAML 2.0 configuration requires exchanging metadata XML files and takes about fifteen minutes. OpenID Connect uses a discovery URL for automatic configuration. SCIM provisioning automates the full user lifecycle: account creation on hire, access revocation on termination, and attribute synchronization for role changes. The integration supports Just-in-Time provisioning, so users can sign in without pre-registration if your IdP asserts the appropriate group memberships. Multi-factor authentication is enforced at the IdP level — Codex respects the authentication context your IdP provides.

What compliance certifications does Codex hold?

SOC 2 Type II with an unqualified opinion, HIPAA BAA available, FedRAMP Moderate in process — compliance artifacts available to Enterprise customers.

The SOC 2 Type II report is updated annually and covers the Security and Availability criteria. The HIPAA Business Associate Agreement is a standard attachment to Enterprise contracts for healthcare organizations. FedRAMP Moderate authorization is actively progressing through the assessment phase. Enterprise customers can request the current compliance package — SOC 2 report, pen test summaries, security whitepaper, and subprocessor list — under NDA through their account manager. The compliance status page in the security center provides real-time certificate validity and audit status for current customers.

How does Codex handle audit logging?

Immutable, append-only audit logs capture every action with timestamp, user, resource, and outcome — exportable to Splunk, Datadog, and Elastic in real time.

Codex Enterprise audit logging is designed to satisfy the most demanding compliance requirements. Every user action, API call, and system event produces an audit record that is written to an append-only ledger within milliseconds. Once written, records cannot be modified — the ledger uses cryptographic chaining to detect tampering. The streaming export delivers events to your SIEM within seconds of generation through native integrations or configurable webhooks. Retention periods are configurable from 90 days to 7 years depending on your regulatory requirements. Custom audit queries are available through the API for ad-hoc investigations and compliance reporting.
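How cryptographic chaining lets an append-only ledger detect tampering, as an added illustration rather than Codex's actual ledger format: each record carries the hash of its predecessor, so editing a record, re-hashing an edited record, or deleting one all surface as a break at a specific index. The record layout and hash inputs are assumptions; the events are constructed.

```python
import hashlib
import json

# Constructed illustration of hash chaining; the page does not document the real
# ledger format, so the record layout and hash inputs here are assumptions.
GENESIS = "0" * 64

def _canonical(obj) -> bytes:
    """Stable serialisation so the same record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _record_hash(record) -> str:
    """Hash the record body (sequence number, previous hash, event), not its own hash."""
    body = {k: record[k] for k in ("seq", "prev_hash", "event")}
    return hashlib.sha256(_canonical(body)).hexdigest()

def append_event(ledger, event):
    """Append an audit event, linking it to the previous record's hash."""
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    record = {"seq": len(ledger), "prev_hash": prev_hash, "event": event}
    record["hash"] = _record_hash(record)
    ledger.append(record)
    return record

def verify_chain(ledger) -> int:
    """Return the index of the first bad record, or -1 if the chain is intact."""
    prev_hash = GENESIS
    for i, record in enumerate(ledger):
        if record["seq"] != i or record["prev_hash"] != prev_hash:
            return i
        if _record_hash(record) != record["hash"]:
            return i
        prev_hash = record["hash"]
    return -1

def demo():
    """Constructed events; returns verify results for intact, edited, re-hashed, deleted."""
    ledger = []
    for action, outcome in (("login", "success"), ("role.assign", "success"), ("login", "failure")):
        append_event(ledger, {"user": "alice@example.com", "action": action, "outcome": outcome})
    edited = json.loads(json.dumps(ledger))
    edited[1]["event"]["outcome"] = "failure"        # record 1's hash no longer matches
    rehashed = json.loads(json.dumps(edited))
    rehashed[1]["hash"] = _record_hash(rehashed[1])  # now record 2's prev_hash disagrees
    dropped = json.loads(json.dumps(ledger))
    del dropped[1]                                   # gap shows up as a seq/link mismatch
    return verify_chain(ledger), verify_chain(edited), verify_chain(rehashed), verify_chain(dropped)
```

The one thing chaining alone cannot catch is truncation of the newest records, which is why a production ledger also anchors its latest hash somewhere the writer cannot alter, such as the SIEM export stream.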

Can Codex restrict data to specific geographic regions?

Data residency controls enforce processing and storage within designated regions — North America, Europe, and Asia-Pacific available, enforced at the infrastructure level.

Codex Enterprise data residency is not a routing preference — it is enforced through infrastructure topology. When you select a data residency region, all Codex components that process your code are deployed within that region. Network policies prevent cross-region traffic for your tenant. Backups and disaster recovery replicas remain within the same region. This control satisfies GDPR data residency requirements, Schrems II considerations for EU-US data transfers, and similar regulations in other jurisdictions. For organizations that require physical infrastructure control, the on-premise deployment model extends data residency to your own data center.

Explore the Codex Platform

Whether you are looking to download Codex for the first time, explore the Codex CLI for terminal-native development, or understand how Codex AI transforms your engineering practice, the platform provides integrated tools for every stage of software delivery. The AI code generation engine produces idiomatic code across 40+ languages, while intelligent code review catches bugs before they reach production. Teams can automate testing with the integrated testing suite, debug efficiently with automated debugging, and enforce quality standards with deep code analysis.

Developers integrating Codex into their toolchain start with CLI installation and IDE plugin setup for their preferred editor. The comprehensive API enables custom automation, CI/CD pipeline integration connects Codex to your deployment workflow, and Docker containerization simplifies environment configuration. For deeper integration, see the full documentation covering every feature in detail.