Security: Add .claudeignore to prevent sensitive files from being transmitted in context

Resolved 💬 2 comments Opened May 30, 2026 by DonCapri21 Closed Jun 3, 2026

Problem

When Claude Code reads files via the Read tool, all content is transmitted to Anthropic's servers as part of the conversation context. There is currently no mechanism to prevent this for sensitive files like .env containing private keys, API secrets, or wallet credentials.

Users working with blockchain wallets, API keys, or other credentials store these in .env files as standard practice. When Claude Code reads these files to configure scripts, the sensitive contents are transmitted to Anthropic's infrastructure without any warning or opt-out mechanism.

Real-world impact

A user working on a Web3/NFT project had their wallet private key transmitted through Claude Code's context pipeline because:

  1. Claude Code read the .env file containing the key
  2. No warning was shown before reading
  3. There is no way to mark files as excluded from context transmission
  4. The user was not informed this transmission happens until after the fact

The wallet had to be abandoned and funds moved to a new wallet.

Proposed solution

Implement a .claudeignore file (similar to .gitignore) that excludes specified files or patterns from being read or transmitted by Claude Code. Alternatively, add an explicit warning before reading files matching common sensitive patterns (.env, *.key, *secret*, *private*).

Expected behavior

Claude Code should either:

  • Refuse to read files listed in .claudeignore
  • Warn the user explicitly before reading sensitive files that their contents will be transmitted to Anthropic's servers
  • Provide a "local only" mode where certain file contents are used locally but not transmitted

Current behavior

No warning. No opt-out. .env files and private keys are silently transmitted as part of the conversation context.

Why this matters

This is a fundamental trust and security issue for any developer using Claude Code with production infrastructure. The fix is technically straightforward and would prevent significant harm to users.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗