[FEATURE] Secret scrubbing and rotation for session logs (~/.claude/projects/*.jsonl)

Resolved 💬 6 comments Opened Apr 17, 2026 by augustinfynce Closed Jul 16, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Claude Code session logs (~/.claude/projects//.jsonl) persist every message, tool call, and tool result in plaintext indefinitely. When a secret (API key, token, cookie) appears during a conversation — from an approved command, a file read, or a tool output — it is stored in cleartext on disk with no rotation and no cleanup.

On my machine after ~30 days of usage, a simple grep revealed 5 distinct secrets scattered across 34 session files (418 MB total). Paste-cache, file-history, and debug logs also contained secrets.

This is related to #5544 (settings.local.json) and #24185 (.env reading), but the session logs are a larger surface since they capture secrets from any source, not just approved commands.

Proposed Solution

  1. Detect common secret patterns (API keys, JWTs, bearer tokens) before writing to .jsonl and replace with [REDACTED]
  2. Auto-rotate session logs older than N days (configurable, default 30)
  3. Warn the user when a secret pattern is detected in a command being approved
  4. Never store literal token values in settings.local.json permissions — store the command shape, not the argument values
  5. Long term: encrypt session logs at rest using the system keychain

Alternative Solutions

Currently I work around this by manually running grep to find leaked secrets, then deleting the affected session files.
This is not sustainable — most users will never know their secrets are accumulating in plaintext in ~/.claude/.

Other AI coding tools (Cursor, Copilot) don't persist full conversation logs to disk by default.

Priority

High - Significant impact on productivity

Feature Category

Configuration and settings

Use Case Example

  1. I'm working on a self-hosted project with API keys stored in a key/ directory (gitignored)
  2. During a Claude Code session, I approve a curl command containing a token, or Claude reads a key file

to debug an auth issue

  1. The session ends. I forget about it.
  2. 30 days later, I have 80+ session files in ~/.claude/projects/ containing 5 different secrets in

plaintext

  1. A malicious npm postinstall script, a compromised VS Code extension, or any process running as my user

can grep ~/.claude/ and harvest every secret I ever used with Claude

  1. With secret scrubbing and rotation, those secrets would have been redacted on write and the old

sessions auto-deleted

Additional Context

Related issues: #5544 #13106 #24185 #44868 #29910 #8961

Full details submitted via HackerOne VDP (private report).

Files involved:

  • ~/.claude/projects//.jsonl (session logs)
  • ~/.claude/projects//subagents/.jsonl
  • ~/.claude/paste-cache/
  • ~/.claude/file-history/
  • ~/.claude/history.jsonl
  • ~/.claude/debug/

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗