[FEATURE] Local Secret Storage for Tool Use (Never Sent to Inference)

Resolved 💬 2 comments Opened Feb 3, 2026 by JayDoubleu Closed Mar 4, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Sometimes I want Claude to use secrets (sudo password, API keys, etc.) for tool operations, but I don't want those secrets sent to Anthropic's inference API. Currently there's no way to provide secrets that stay local.

Putting secrets in conversation, CLAUDE.md, or environment variables all result in them being transmitted to inference.

Use Cases

  • Running sudo commands without typing password each time
  • Database operations with credentials
  • API calls with keys that shouldn't leave my machine

Potential Solutions

Similar to how ! launches a command directly without Claude, perhaps $secret_name or a localSecret tool could retrieve secrets from a local vault (OS keychain, pass, or Claude-specific store) and inject them into tool execution - without ever sending the value to inference.

The model would only see the secret reference name, and local Claude Code handles the actual secret retrieval and usage.

Priority

Medium - Would be very helpful

---

This issue was created using Claude Code 🤖

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗