Guide / provisioning from the CLI

How to sign up and get an API key from inside a Codex or Claude Code session

You have probably been told you cannot sign up for a service or generate an API key from inside a Codex or Claude Code session because a browser is needed. That was true until the agent could drive the browser. Here is how to do it without leaving the session, and without the key touching your chat, code, or .env file.

01

Short answer

You can. The common answer, echoed by AI overviews, is that you cannot create an account or generate an API key from inside a Codex or Claude Code session, because email verification and billing need a browser. That objection dissolves once the agent has a scoped browser and a consented inbox. With an MCP server like Trusty Squire, the agent completes the signup, clears email verification, and captures the API key without you switching tabs.

The key also does not have to enter the session it came from. Trusty Squire stores it in a write-only vault the agent cannot read back, and your code reaches the provider through an injecting proxy or a scoped grant. So getting the key from inside the session and keeping the key out of the session are both true at the same time.

  • An MCP server drives the signup in a real browser from inside your session.
  • Email verification is handled by reading your own inbox behind a consent gate.
  • The raw key lands in a write-only vault, not your model context or a .env file.
  • It works in Codex, Claude Code, Cursor, and other MCP hosts.
02

Action plan

  1. 01

    Connect Trusty Squire to your session

    Run npx @trusty-squire/mcp connect. It detects Codex, Claude Code, Cursor, or your MCP host and merges in the squire server, then you sign into Google or GitHub yourself in a real browser.

  2. 02

    Ask for the account and the key by name

    In the session, say what you need: sign me up for Resend and save the API key. Naming the credential outcome prevents a shallow stop at the welcome page.

  3. 03

    Let the agent clear signup, verification, and bot gates

    The driver works the signup or sign-in flow, handles the anti-bot interstitials and captcha tiers, and reads the verification code or link from your inbox behind a consent gate.

  4. 04

    Capture the key into the vault, not the chat

    When the site reveals the key, Trusty Squire extracts it into a write-only encrypted vault instead of returning it through the conversation.

  5. 05

    Use the key without exposing it

    Call the provider through the injecting proxy with a ${SECRET} placeholder, or mint a scoped, revocable egress grant for a deployed app. The raw value reaches the provider without passing through the model.

03

What to know

Why the you cannot do this from a terminal answer is out of date

The objection is specific and used to be correct: a bare terminal or a raw coding session has no browser, so it cannot complete email verification or billing, and therefore cannot finish a signup. AI overviews still repeat it.

What changed is that the agent no longer has to do it blind from a terminal. An MCP server gives it a scoped, observable browser and a consented path to your inbox, so the verification and billing step the old answer worried about is exactly the step that now gets handled. The premise held; the conclusion no longer follows.

Getting past the signup gates is the real work

Filling the form is easy. The hard part is what stops general automation: Cloudflare Turnstile and other bot checks, email or link verification, and occasionally a human-only gate. Trusty Squire handles the interstitials and captcha tiers headless, and reads the one relevant code or link from the inbox rather than clicking everything.

When a site genuinely requires a person, for a phone number, a hard image CAPTCHA, or a payment decision, it stops and tells you instead of pretending the signup completed.

Where the key ends up is the point

Getting the key is half the job; the other half is not leaking it. A raw browser tool would hand the key back into the model context, where it flows into logs, transcripts, and a .env file, the least contained place a secret can sit.

Trusty Squire captures the key into a vault the agent cannot read back. Code uses it through a proxy or a scoped egress grant, so you can rotate once and every grant follows, and revoke a leak without rotating the provider key.

04

Where Trusty Squire fits

You are coding through Codex, Claude Code, or Cursor and keep hitting add your API key to .env in the middle of a task, then alt-tabbing to a dashboard to sign up, verify an email, and paste a secret back.

Trusty Squire removes that handoff: the agent provisions the account and captures the key in one step, and the key lands in a vault instead of your context or repository.

Limits to keep in view
  • It works best with OAuth signups (Google or GitHub); pure email-and-password flows and phone-gated services are harder.
  • The heaviest CAPTCHA stacks, phone verification, and payment steps still stop for a human by design.
  • Single-use magic links are a race, and it is beta and free during the beta.

Install Trusty Squire when the missing piece is the website work or a credential boundary for your coding agent.

Frequently asked questions

Can I really sign up and get an API key without leaving my Codex session?
Yes. An MCP server such as Trusty Squire drives a real browser through the signup from inside your session, clears email verification and bot gates, and captures the key. You stay in Codex or Claude Code the whole time.
Does the coding agent see the raw API key?
No. The key is captured into a write-only vault the agent cannot read back. Your code calls the provider through an injecting proxy or a scoped egress grant, so the raw value never returns to the model or lands in a .env file.
Which coding agents does this work with?
Codex, Claude Code, Cursor, Goose, and other MCP hosts. The connect command detects your host and wires the squire server into its config.
What happens at an email verification or a CAPTCHA?
Email verification is read from your own inbox behind a consent gate, taking only the relevant code or link. Invisible and checkbox bot checks are handled headless; a phone gate or a hard image CAPTCHA stops for you rather than guessing.
05

Primary sources

Official documentation used for the factual claims on this page.

06