Shell output exposes sensitive environment variable values in plaintext
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When Claude Code runs shell commands that reference environment variables, the full secret values can be printed to the conversation output in plaintext. A diagnostic command using bash parameter expansion to check whether ANTHROPIC_API_KEY was set caused the entire API key to be printed in the session. The key had to be rotated immediately.
What Should Happen?
CC should detect and redact values of sensitive environment variables from shell output before displaying them in the conversation. Values matching common patterns (ANTHROPIC_API_KEY, _SECRET, _TOKEN, *_PASSWORD) should be replaced with [REDACTED] or masked, similar to how GitHub Actions redacts repository secrets from workflow logs.
Error Messages/Logs
Steps to Reproduce
- Set ANTHROPIC_API_KEY in your shell environment
- Ask CC to verify your environment is configured correctly (or any task that involves checking env vars)
- CC generates and runs a bash command using parameter expansion to check the variable
- The expansion logic causes the full key value to print in the conversation output
- CC itself flagged the leak after the fact, but the key was already exposed in the session
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.150
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
iTerm2
Additional Information
This is a security concern in any setting where CC sessions are shared, logged, or screenshotted. The exposed credential was a live Anthropic API key that had to be rotated. GitHub Actions solves this same problem by automatically replacing secret values with *** in all log output.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗