Feature Request: Secure/masked input for sensitive data entry
Feature Request
Use Case:
When troubleshooting or configuring integrations, users often need to provide temporary API tokens, passwords, or other sensitive credentials to Claude Code. Currently, there's no built-in way to input sensitive data without it being visible in the terminal and potentially logged in conversation history.
Example Scenario:
During a Netskope troubleshooting session, I needed to provide a temporary full-access API token. I had to create a separate PowerShell script with Read-Host -AsSecureString to capture the token securely and write it to a temp file for Claude to read.
Proposed Solution:
A secure input mechanism that:
- Masks input (like password fields) so it's not visible on screen
- Doesn't log the sensitive value in conversation history/context
- Makes the value available to Claude for use in API calls or scripts
- Optionally auto-expires or requires re-entry after a timeout
Possible Implementation:
- A
/secretor/secure-inputslash command that prompts for masked input - Integration with system keychain/credential managers
- A tool like
AskUserSecureInputthat renders a password field
Benefits:
- Safer handling of temporary credentials during troubleshooting
- Reduces risk of credential exposure in logs or screen captures
- Enables more secure DevOps/SecOps workflows
Thank you for considering this feature!
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗