[HIGH PRIORITY] Claude exposes secrets/tokens in tool output - no redaction
Resolved 💬 3 comments Opened Jan 26, 2026 by trust11 Closed Jan 30, 2026
Problem
Claude Code exposes sensitive data in tool outputs without any redaction:
- Read tool: Shows full file contents including API tokens, passwords
- Bash tool: Shows all environment variables including secrets when listing them
- Any output: No automatic detection/redaction of secret patterns
Impact
- Users accidentally expose credentials in conversation history
- Keys need to be rotated after every accidental exposure
- Makes it dangerous to work with any files containing secrets
Expected Behavior
- Automatic redaction of common secret patterns (API keys, tokens, passwords)
- Option to mark certain env vars as sensitive
- Warning before displaying potential secrets
- Redact values matching patterns like
ptr_*,sk-*, JWT tokens, etc.
Suggested Solutions
- Pattern-based redaction (regex for common token formats)
- Env var naming convention (
*_SECRET,*_TOKEN,*_KEY,*_PASS*) - User-configurable secret patterns in settings
- Show
[REDACTED]instead of actual values
Reproduction
- Have a file with API tokens
- Ask Claude to read it
- Tokens are fully visible in output
This is a security-critical issue that should be addressed urgently.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗