Fresh install should include default deny rules for credential paths
Resolved 💬 2 comments Opened Apr 11, 2026 by crombieman Closed May 22, 2026
Description
A fresh Claude Code installation has zero permission deny rules. Credential files at well-known paths are fully accessible out of the box:
~/.ssh/(SSH keys)~/.aws/(AWS credentials)~/.gnupg/(GPG keys)~/.kube/(Kubernetes configs)~/.npmrc(npm tokens)~/.git-credentials(Git credentials)~/.config/gh/(GitHub CLI tokens)
Proposed fix
Ship a default settings.json (or built-in default) that denies Read access to common credential paths. Users who need Claude to access these paths can explicitly remove the deny rules — opt-out is safer than opt-in for credential access.
Suggested defaults:
{
"permissions": {
"deny": [
"Read(~/.ssh/**)",
"Read(~/.gnupg/**)",
"Read(~/.aws/**)",
"Read(~/.azure/**)",
"Read(~/.kube/**)",
"Read(~/.npmrc)",
"Read(~/.git-credentials)",
"Read(~/.config/gh/**)"
]
}
}
Why this matters
Most developers never configure security settings (the article that prompted this research had 911K views — indicating the vast majority of users hadn't thought about this). Secure defaults protect the users who need it most — the ones who don't know to configure it.
Environment
- Claude Code 2.1.84
- Windows 10
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗