[FEATURE] Local Secret Storage for Tool Use (Never Sent to Inference)
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Sometimes I want Claude to use secrets (sudo password, API keys, etc.) for tool operations, but I don't want those secrets sent to Anthropic's inference API. Currently there's no way to provide secrets that stay local.
Putting secrets in conversation, CLAUDE.md, or environment variables all result in them being transmitted to inference.
Use Cases
- Running sudo commands without typing password each time
- Database operations with credentials
- API calls with keys that shouldn't leave my machine
Potential Solutions
Similar to how ! launches a command directly without Claude, perhaps $secret_name or a localSecret tool could retrieve secrets from a local vault (OS keychain, pass, or Claude-specific store) and inject them into tool execution - without ever sending the value to inference.
The model would only see the secret reference name, and local Claude Code handles the actual secret retrieval and usage.
Priority
Medium - Would be very helpful
---
This issue was created using Claude Code 🤖
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗