Feature Request: Secure/masked input for sensitive data entry

Resolved 💬 3 comments Opened Mar 25, 2026 by sylviref Closed Mar 29, 2026

Feature Request

Use Case:
When troubleshooting or configuring integrations, users often need to provide temporary API tokens, passwords, or other sensitive credentials to Claude Code. Currently, there's no built-in way to input sensitive data without it being visible in the terminal and potentially logged in conversation history.

Example Scenario:
During a Netskope troubleshooting session, I needed to provide a temporary full-access API token. I had to create a separate PowerShell script with Read-Host -AsSecureString to capture the token securely and write it to a temp file for Claude to read.

Proposed Solution:
A secure input mechanism that:

  1. Masks input (like password fields) so it's not visible on screen
  2. Doesn't log the sensitive value in conversation history/context
  3. Makes the value available to Claude for use in API calls or scripts
  4. Optionally auto-expires or requires re-entry after a timeout

Possible Implementation:

  • A /secret or /secure-input slash command that prompts for masked input
  • Integration with system keychain/credential managers
  • A tool like AskUserSecureInput that renders a password field

Benefits:

  • Safer handling of temporary credentials during troubleshooting
  • Reduces risk of credential exposure in logs or screen captures
  • Enables more secure DevOps/SecOps workflows

Thank you for considering this feature!

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗