Security: Add .claudeignore to prevent sensitive files from being transmitted in context
Problem
When Claude Code reads files via the Read tool, all content is transmitted to Anthropic's servers as part of the conversation context. There is currently no mechanism to prevent this for sensitive files like .env containing private keys, API secrets, or wallet credentials.
Users working with blockchain wallets, API keys, or other credentials store these in .env files as standard practice. When Claude Code reads these files to configure scripts, the sensitive contents are transmitted to Anthropic's infrastructure without any warning or opt-out mechanism.
Real-world impact
A user working on a Web3/NFT project had their wallet private key transmitted through Claude Code's context pipeline because:
- Claude Code read the
.envfile containing the key - No warning was shown before reading
- There is no way to mark files as excluded from context transmission
- The user was not informed this transmission happens until after the fact
The wallet had to be abandoned and funds moved to a new wallet.
Proposed solution
Implement a .claudeignore file (similar to .gitignore) that excludes specified files or patterns from being read or transmitted by Claude Code. Alternatively, add an explicit warning before reading files matching common sensitive patterns (.env, *.key, *secret*, *private*).
Expected behavior
Claude Code should either:
- Refuse to read files listed in
.claudeignore - Warn the user explicitly before reading sensitive files that their contents will be transmitted to Anthropic's servers
- Provide a "local only" mode where certain file contents are used locally but not transmitted
Current behavior
No warning. No opt-out. .env files and private keys are silently transmitted as part of the conversation context.
Why this matters
This is a fundamental trust and security issue for any developer using Claude Code with production infrastructure. The fix is technically straightforward and would prevent significant harm to users.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗