How to avoid re-authenticating in docker container?

Resolved 💬 17 comments Opened Jun 7, 2025 by nickolay-kondratyev Closed Aug 22, 2025
💡 Likely answer: A maintainer (rboyce-ant, contributor) responded on this thread — see the highlighted reply below.

The suggested approach to use --dangerously-skip-permissions is to setup docker.

The https://docs.anthropic.com/en/docs/claude-code/security talks about usage with VSCode. But for those of us that do not use VSCode (IntelliJ user here) I would like to use CLI on claude in Docker and mount a directory to be seen from both my host and docker.

The mounting worked fine and I am able to start claude code in docker. However, each time I restart the container I have to re-auth with claude.

Is there a way to share the authentication from my host machine to Docker? I have been looking for some sort of auth file but have not found it.

The question would apply to how to do it on both MacOS and Linux as hosts.

View original on GitHub ↗

17 Comments

danieldeusing · 1 year ago

Great question, I struggled with this too.

Making ~/.claude.json persist on host also did not do the trick for me. It stored auth, when I restart/rebuild container, it mounts it, but it still requires re-login.

markrmiller · 1 year ago

I made a personal clone of Codex using Claude Code, and the way that I ended up solving this was:

  • I mount ~/.claude and ~/.claude.json into the containers. (you want "bypassPermissionsModeAccepted": true in .claude.json if you want to use --dangerously-skip-permissions in headless mode)
  • In my container startup script, I copy settings.json, .credentials.json, and .claude.json from the mounted volumes into place in the container and update their file permissions.

I do the same type of thing to get my github creds in there for gh usage.

For me, that's worked fine and I've never had to auth or deal with anything inside the containers. Of course in this case, each container only has the lifespan of whatever task it has been given to do, they are not sitting around for days or weeks.

max-sixty · 1 year ago

possibly this relates to https://github.com/anthropics/claude-code/issues/1414 — so _only_ using containers is possible, but mixing linux containers & mac causes deletions...

anuramat · 1 year ago

fyi, if all you need is sanboxing, bubblewrap is lightweight and stupid simple:

bwrap --bind / / --dev /dev \
	--ro-bind "$HOME" "$HOME" \
	--bind "$HOME/.claude" "$HOME/.claude" \
	--bind "$HOME/.claude.json" "$HOME/.claude.json" \
	--bind "$XDG_CACHE_HOME" "$XDG_CACHE_HOME" \
	--bind "$PWD" "$PWD" \
	claude --dangerously-skip-permissions

(maybe even worth mentioning in the docs?)

danieldeusing · 1 year ago
bwrap --bind / / --dev /dev \ --ro-bind "$HOME" "$HOME" \ --bind "$HOME/.claude" "$HOME/.claude" \ --bind "$HOME/.claude.json" "$HOME/.claude.json" \ --bind "$XDG_CACHE_HOME" "$XDG_CACHE_HOME" \ --bind "$PWD" "$PWD" \ claude --dangerously-skip-permissions

Can you explain? From my understanding you are mounting root with read/write using --bind / /? Thus your sandboxing does not make sense then?

But actually thanks for this hint, but I am on macos

anuramat · 1 year ago

Basically I need stuff like /dev, /tmp, /nix in RW, and I'm too lazy to figure out the exact list. Not exactly the right way to do it, but I don't really care if my root gets nuked, as long as my $HOME is safe (explicit RO binds to the right take precedence).

Besides, all the important stuff outside of $HOME should be safe because of file system permissions, as long as you're not running claude as root.

lroolle · 1 year ago

Mount the ~/.claude directory into your container and perform manual authentication the first time. Run claude login, open the OAuth URL in your browser, and paste the generated token back into Claude. This will create a ~/.claude/.credentials.json file. Keeping this file in place prevents repeated authentication.

max-sixty · 1 year ago
Mount the ~/.claude directory into your container and perform manual authentication the first time. Run claude login, open the OAuth URL in your browser, and paste the generated token back into Claude. This will create a ~/.claude/.credentials.json file. Keeping this file in place prevents repeated authentication.

fyi this works, _unless_ you ever use claude on your mac outside of the container, which deletes the file https://github.com/anthropics/claude-code/issues/1414

dticson · 1 year ago

This is an issue as well for me - i'm using the devcontainer.json and Dockerfile as a template to do the same claude config mounting, and I'm still having to login each time I rebuild - not a huge deal, but would like to understand how to fix it.

On a mac host with ubuntu on docker, using cursor as IDE.

jamilraichouni · 11 months ago

#metoo

mintuhouse · 11 months ago

What worked for me incase anyone else is facing this issue when using Claude code within devcontainers

inside your container set CLAUDE_CONFIG_DIR to point to some folder which is mounted from the host machine e.g., via docker-compose volumes

tomatac · 11 months ago

I am still trying to setup this cleanly.
From my research to persist the authentication we need to mount:
~/.claude folder (that include .credentials.json) - not an issue
~.claude.json file - that is not possible if the file does not exist (docker automatically creates a folder)
@mintuhouse, if we use CLAUDE_CONFIG_DIR, does the ~.claude.json file get stored there?

tomatac · 11 months ago

It works cleanly using CLAUDE_CONFIG_DIR to define a config folder
Claude code saves .claude.json and .credentials.json plus few other config sub-folders in the location defined by the CLAUDE_CONFIG_DIR
Creating a docker volume that mounts to this folder makes the settings persistent. That includes the authentication.

nezhar · 11 months ago

CLAUDE_CONFIG_DIR works best with Docker. I have created some examples in the README of https://github.com/nezhar/claude-container

anuramat · 11 months ago

one could also use the CLAUDE_CODE_OAUTH_TOKEN environment variable (claude setup-token), but then you can't use opus until #4085 is fixed

upd: ~apparently fixed in #5625~ I can't read, sorry

rboyce-ant contributor · 10 months ago

The CLAUDE_CONFIG_DIR approach mentioned above seems like a good approach for running Claude Code in Docker without needing to re-auth.

github-actions[bot] · 10 months ago

This issue has been automatically locked since it was closed and has not had any activity for 7 days. If you're experiencing a similar issue, please file a new issue and reference this one if it's relevant.