Fresh install should include default deny rules for credential paths

Resolved 💬 2 comments Opened Apr 11, 2026 by crombieman Closed May 22, 2026

Description

A fresh Claude Code installation has zero permission deny rules. Credential files at well-known paths are fully accessible out of the box:

  • ~/.ssh/ (SSH keys)
  • ~/.aws/ (AWS credentials)
  • ~/.gnupg/ (GPG keys)
  • ~/.kube/ (Kubernetes configs)
  • ~/.npmrc (npm tokens)
  • ~/.git-credentials (Git credentials)
  • ~/.config/gh/ (GitHub CLI tokens)

Proposed fix

Ship a default settings.json (or built-in default) that denies Read access to common credential paths. Users who need Claude to access these paths can explicitly remove the deny rules — opt-out is safer than opt-in for credential access.

Suggested defaults:

{
  "permissions": {
    "deny": [
      "Read(~/.ssh/**)",
      "Read(~/.gnupg/**)",
      "Read(~/.aws/**)",
      "Read(~/.azure/**)",
      "Read(~/.kube/**)",
      "Read(~/.npmrc)",
      "Read(~/.git-credentials)",
      "Read(~/.config/gh/**)"
    ]
  }
}

Why this matters

Most developers never configure security settings (the article that prompted this research had 911K views — indicating the vast majority of users hadn't thought about this). Secure defaults protect the users who need it most — the ones who don't know to configure it.

Environment

  • Claude Code 2.1.84
  • Windows 10

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗