[BUG] approved bash commands containing credentials are stored as is with plain text credentials in settings.local.json

Resolved 💬 6 comments Opened Aug 11, 2025 by asherfeldmangit Closed Jan 3, 2026

Environment

  • Platform (select one):
  • Anthropic API
  • AWS Bedrock
  • Google Vertex AI
  • Other:
  • Claude CLI version:
  • Operating System: macOS 14.5 (Darwin 24.5.0)
  • Terminal: Terminal App

Bug Description

Claude Code stores approved bash commands containing sensitive credentials in plaintext within the local settings
configuration file (.claude/settings.local.json). When users approve commands with API keys, tokens, or other secrets,
these credentials are permanently stored in the auto-approval permissions list without sanitization.

Steps to Reproduce

  1. Execute a bash command containing sensitive credentials (e.g., curl with API keys)
  2. Approve the command when prompted by Claude Code
  3. Navigate to .claude/settings.local.json in your project directory
  4. Observe that the command with embedded credentials is stored in the permissions.allow array

Expected Behavior

Sensitive credentials should be sanitized, redacted, or excluded from the auto-approval list to prevent plaintext
storage of secrets in configuration files.

Actual Behavior

Complete bash commands including API keys, secret tokens, authorization headers, and other sensitive data are stored
verbatim in the JSON configuration file. Examples include:

  • API secret keys: XXXXXXX
  • Authorization tokens: XXXXXXXX
  • Jira API tokens: XXXXX

etc.

Additional Context

This creates significant security risks:

  • Credentials are vulnerable to unauthorized filesystem access
  • Settings files may be accidentally shared or committed to version control
  • Compromised credentials could provide unauthorized access to production systems
  • Credentials persist indefinitely in the configuration file

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗