[HIGH PRIORITY] Claude exposes secrets/tokens in tool output - no redaction

Resolved 💬 3 comments Opened Jan 26, 2026 by trust11 Closed Jan 30, 2026

Problem

Claude Code exposes sensitive data in tool outputs without any redaction:

  1. Read tool: Shows full file contents including API tokens, passwords
  2. Bash tool: Shows all environment variables including secrets when listing them
  3. Any output: No automatic detection/redaction of secret patterns

Impact

  • Users accidentally expose credentials in conversation history
  • Keys need to be rotated after every accidental exposure
  • Makes it dangerous to work with any files containing secrets

Expected Behavior

  • Automatic redaction of common secret patterns (API keys, tokens, passwords)
  • Option to mark certain env vars as sensitive
  • Warning before displaying potential secrets
  • Redact values matching patterns like ptr_*, sk-*, JWT tokens, etc.

Suggested Solutions

  1. Pattern-based redaction (regex for common token formats)
  2. Env var naming convention (*_SECRET, *_TOKEN, *_KEY, *_PASS*)
  3. User-configurable secret patterns in settings
  4. Show [REDACTED] instead of actual values

Reproduction

  1. Have a file with API tokens
  2. Ask Claude to read it
  3. Tokens are fully visible in output

This is a security-critical issue that should be addressed urgently.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗