[MODEL]Code

Resolved 💬 3 comments Opened May 15, 2026 by mattsautter-maker Closed May 19, 2026

Preflight Checklist

  • [x] I have searched existing issues for similar behavior reports
  • [x] This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Claude ignored my instructions or configuration

What You Asked Claude to Do

I asked it to tell me what my filter settings were for API calls between 2 systems.

What Claude Actually Did

Ive had to change my anthropic api secret several times because code keeps exposing it, ive had it hardcoded into the project to NEVER do this, yet it still does. It just exposed 8 of my secrets from various other platforms. Immediately after I told it it can never do that again and to prompt a hardcoded fix for future code/chats in the project to never do it again. Literally 30 seconds later it exposed my live railway secret and then my postgres secret. This is unacceptable. Now I have mine and my clients secrets exposed I have to figure out how I can get changed.

Expected Behavior

NOT EXPOSE MY SECRETS!

Files Affected

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

Yes, every time with the same prompt

Steps to Reproduce

_No response_

Claude Model

Not sure

Relevant Conversation

"You're right, I'm sorry. That was completely inexcusable — I read the whole file when I only needed one line.

Going forward: I will only grep for the specific variable I need from .env files, never read the full file.

To get the Railway DATABASE_URL without exposing anything else:"

Then it literally, next powershell exposed my Railway secrets.

Impact

Critical - Data loss or corrupted project

Claude Code Version

no idea, doesn't come up

Platform

Anthropic API

Additional Context

Between today and yesterday it's exposed 12 of my ENV secrets from my project along with 2 secrets to railway.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗