[FEATURE] Secret scrubbing and rotation for session logs (~/.claude/projects/*.jsonl)
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Claude Code session logs (~/.claude/projects//.jsonl) persist every message, tool call, and tool result in plaintext indefinitely. When a secret (API key, token, cookie) appears during a conversation — from an approved command, a file read, or a tool output — it is stored in cleartext on disk with no rotation and no cleanup.
On my machine after ~30 days of usage, a simple grep revealed 5 distinct secrets scattered across 34 session files (418 MB total). Paste-cache, file-history, and debug logs also contained secrets.
This is related to #5544 (settings.local.json) and #24185 (.env reading), but the session logs are a larger surface since they capture secrets from any source, not just approved commands.
Proposed Solution
- Detect common secret patterns (API keys, JWTs, bearer tokens) before writing to .jsonl and replace with [REDACTED]
- Auto-rotate session logs older than N days (configurable, default 30)
- Warn the user when a secret pattern is detected in a command being approved
- Never store literal token values in settings.local.json permissions — store the command shape, not the argument values
- Long term: encrypt session logs at rest using the system keychain
Alternative Solutions
Currently I work around this by manually running grep to find leaked secrets, then deleting the affected session files.
This is not sustainable — most users will never know their secrets are accumulating in plaintext in ~/.claude/.
Other AI coding tools (Cursor, Copilot) don't persist full conversation logs to disk by default.
Priority
High - Significant impact on productivity
Feature Category
Configuration and settings
Use Case Example
- I'm working on a self-hosted project with API keys stored in a key/ directory (gitignored)
- During a Claude Code session, I approve a curl command containing a token, or Claude reads a key file
to debug an auth issue
- The session ends. I forget about it.
- 30 days later, I have 80+ session files in ~/.claude/projects/ containing 5 different secrets in
plaintext
- A malicious npm postinstall script, a compromised VS Code extension, or any process running as my user
can grep ~/.claude/ and harvest every secret I ever used with Claude
- With secret scrubbing and rotation, those secrets would have been redacted on write and the old
sessions auto-deleted
Additional Context
Related issues: #5544 #13106 #24185 #44868 #29910 #8961
Full details submitted via HackerOne VDP (private report).
Files involved:
- ~/.claude/projects//.jsonl (session logs)
- ~/.claude/projects//subagents/.jsonl
- ~/.claude/paste-cache/
- ~/.claude/file-history/
- ~/.claude/history.jsonl
- ~/.claude/debug/
This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗