Secrets and Auth
CodeForge supports automatic authentication through .devcontainer/.secrets and DevContainer-hosted secrets such as Codespaces secrets.
.secrets File
Section titled “.secrets File”Create .devcontainer/.secrets with KEY=VALUE entries:
GH_TOKEN=ghp_your_token_hereGH_USERNAME=your-github-usernameGH_EMAIL=your-email@example.comNPM_TOKEN=npm_your_token_hereCLAUDE_AUTH_TOKEN=sk-ant-oat01-your-token-hereOPENAI_API_KEY=sk-your-openai-keyCommon Variables
Section titled “Common Variables”| Variable | Purpose |
|---|---|
GH_TOKEN | GitHub CLI and HTTPS git auth |
GH_USERNAME | Git user name |
GH_EMAIL | Git user email |
NPM_TOKEN | npm auth |
CLAUDE_AUTH_TOKEN | Claude Code long-lived auth token |
OPENAI_API_KEY | Codex CLI API-key auth |
Behavior
Section titled “Behavior”- CodeForge can inject Claude and Codex credentials on container start.
- Codespaces or other host secrets take precedence over
.secrets. - Existing credentials are usually left in place when the setup is idempotent.
Security Note
Section titled “Security Note”Never commit .devcontainer/.secrets.
Troubleshooting Auth
Section titled “Troubleshooting Auth”If something is not authenticated, these commands are the fastest first checks:
gh auth statusclaudecodexnpm whoami