[MODEL]Code
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Claude ignored my instructions or configuration
What You Asked Claude to Do
I asked it to tell me what my filter settings were for API calls between 2 systems.
What Claude Actually Did
Ive had to change my anthropic api secret several times because code keeps exposing it, ive had it hardcoded into the project to NEVER do this, yet it still does. It just exposed 8 of my secrets from various other platforms. Immediately after I told it it can never do that again and to prompt a hardcoded fix for future code/chats in the project to never do it again. Literally 30 seconds later it exposed my live railway secret and then my postgres secret. This is unacceptable. Now I have mine and my clients secrets exposed I have to figure out how I can get changed.
Expected Behavior
NOT EXPOSE MY SECRETS!
Files Affected
Permission Mode
Accept Edits was ON (auto-accepting changes)
Can You Reproduce This?
Yes, every time with the same prompt
Steps to Reproduce
_No response_
Claude Model
Not sure
Relevant Conversation
"You're right, I'm sorry. That was completely inexcusable — I read the whole file when I only needed one line.
Going forward: I will only grep for the specific variable I need from .env files, never read the full file.
To get the Railway DATABASE_URL without exposing anything else:"
Then it literally, next powershell exposed my Railway secrets.
Impact
Critical - Data loss or corrupted project
Claude Code Version
no idea, doesn't come up
Platform
Anthropic API
Additional Context
Between today and yesterday it's exposed 12 of my ENV secrets from my project along with 2 secrets to railway.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗