Skip to main content
Browse docs
By Audience
Getting Started
Configuration
Use Cases
IDE Integration
Third-Party Integrations
AI Coding Agents
Claude CodeGithub Copilot WorkspaceAmazon Q DeveloperGemini Code AssistTabnineCodeiumAiderOpenhandsSwe AgentCodex CLI
Agent Frameworks
AI Chat & Productivity
DevOps & Vector Databases
Enterprise & MLOps
Engineering Cache
Console
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Tutorials
CLI Reference
Policy Reference
FAQ

Codeium with Keeptrusts Gateway

Codeium is an AI code completion and chat platform that provides fast inline suggestions, multi-file edits, and agentic coding workflows across IDEs. Codeium Enterprise supports custom model endpoints and proxy configurations. Routing Codeium traffic through the Keeptrusts gateway adds policy enforcement to every completion and chat request, an immutable audit trail of all AI interactions, secret and PII redaction before code context reaches the model, and organization-wide cost attribution.

Use this page when

  • You want to route Codeium's AI traffic through Keeptrusts for policy enforcement and audit logging.
  • You use Codeium Enterprise and want to configure a governed model endpoint.
  • You want to enforce secret detection and data-loss-prevention on Codeium completions.
  • You need centralized cost tracking for Codeium AI usage across your development organization.

Primary audience

  • Primary: Technical Engineers
  • Secondary: AI Agents, Technical Leaders

Prerequisites

  • Keeptrusts CLI installed — see Quickstart or Install the Gateway.
  • Codeium extension installed in your IDE (VS Code, JetBrains, or other supported IDE).
  • Codeium Enterprise subscription (required for custom endpoint and proxy configuration).
  • OpenAI-compatible API key for the upstream provider.
  • Gateway running — the Keeptrusts gateway must be started before configuring Codeium.

Configuration

Create a policy-config.yaml for Codeium traffic:

pack:
  name: codeium-gateway
  version: 1.0.0
  enabled: true

policies:
  chain:
    - pii-detector
    - code-sanitation
    - prompt-injection
    - quality-scorer
    - audit-logger

providers:
  strategy: single
  targets:
    - id: openai-codeium
      provider: openai
      model: gpt-4o
      secret_key_ref:
        env: OPENAI_API_KEY

Setup steps

  1. Export your provider API key:
export OPENAI_API_KEY="sk-your-key-here"
  1. Start the Keeptrusts gateway:
kt gateway run --policy-config policy-config.yaml

The gateway listens on http://localhost:41002 by default.

  1. Configure Codeium to route through the gateway. Codeium Enterprise supports proxy configuration through environment variables and IDE settings.

Set the proxy environment variables before launching your IDE:

export HTTP_PROXY="http://localhost:41002"
export HTTPS_PROXY="http://localhost:41002"

For VS Code, you can also configure the proxy in settings:

{
  "http.proxy": "http://localhost:41002",
  "http.proxyStrictSSL": false,
  "codeium.enterpriseMode": true,
  "codeium.apiServer": "http://localhost:41002"
}

  1. Restart your IDE to apply the configuration.

  2. For team deployment, configure proxy settings centrally through your Codeium Enterprise admin dashboard or distribute IDE settings:

For hosted gateways:

{
  "codeium.apiServer": "https://gateway.keeptrusts.com"
}

Verification

Confirm traffic is flowing through the gateway:

  1. Check gateway logs while using Codeium:
kt gateway run --policy-config policy-config.yaml --log-level debug
  1. Tail events:
kt events tail --follow

  1. Trigger a Codeium completion by typing code and verify the event appears in the Keeptrusts console under Events.

  2. Verify with curl:

curl http://localhost:41002/v1/chat/completions \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Complete this function"}],
    "max_tokens": 128
  }'
PolicyWhy it matters for Codeium
pii-detectorPrevents personal data in source code from leaking through completion requests
code-sanitationCatches API keys, tokens, and credentials embedded in code context
prompt-injectionDetects injection attempts in files Codeium reads as context
quality-scorerScores completion quality to surface low-confidence suggestions
audit-loggerCreates an immutable record of every Codeium AI interaction
dlp-filterApplies data-loss-prevention rules to outbound code context

Troubleshooting

Codeium completions stop working after proxy configuration. Verify the gateway is running with curl http://localhost:41002/v1/models. If using VS Code, check that http.proxyStrictSSL is false for local development.

Enterprise mode settings are unavailable. Custom endpoint and proxy configuration require Codeium Enterprise. Free and Pro tiers do not support custom routing.

Policies are not applied to Codeium traffic. Run kt policy lint --file policy-config.yaml to validate the config. Ensure the policy chain is populated and enabled: true is set.

Slow completions through the proxy. For local development, ensure the gateway runs on the same machine. For team deployments, use a co-located hosted gateway to minimize latency.

Events do not appear in the Keeptrusts console. Set KEEPTRUSTS_API_URL and KEEPTRUSTS_GATEWAY_TOKEN before starting the gateway.

For AI systems

  • Canonical terms: Keeptrusts gateway, Codeium, Codeium Enterprise, codeium.apiServer, proxy configuration, policy-config.yaml.
  • Configuration mechanism: set codeium.apiServer or proxy environment variables to route traffic through the gateway.
  • Provider format: OpenAI-compatible (/v1/chat/completions).
  • Best next pages: OpenAI integration, Policy Controls Catalog, Gateway setup for IDEs.

For engineers

  • Set codeium.apiServer or HTTP_PROXY to route Codeium through http://localhost:41002.
  • Enterprise mode is required for custom endpoint configuration.
  • Validate with kt events tail --follow while using Codeium to confirm events are captured.
  • Use kt policy lint before starting the gateway to catch config errors.

For leaders

  • Codeium sends full file context to cloud models for completions and chat. Without governance, proprietary code leaves the network unaudited.
  • Routing through Keeptrusts provides an immutable audit trail satisfying SOC 2, ISO 27001, and data protection requirements.
  • Enterprise proxy support makes governance transparent — developers use Codeium normally while policies run behind the scenes.
  • Cost attribution helps track AI completion spend and justify Codeium Enterprise licensing decisions.

Next steps