[DOCS] Sandbox docs omit `sandbox.credentials` setting added in v2.1.187
Documentation Type
Missing documentation (feature not documented)
Documentation Location
https://code.claude.com/docs/en/sandboxing
https://code.claude.com/docs/en/settings
https://code.claude.com/docs/en/security
Section/Topic
Sandbox credential protection, especially sandbox.credentials in the Settings sandbox key reference and sandbox credential-file / secret-environment-variable guidance.
Current Documentation
The sandboxing guide says credential files remain readable by default and instructs users to configure denyRead manually:
Default read behavior: read access to the entire computer, except certain denied directories. Note that this default still allows reading credential files such as~/.aws/credentialsand~/.ssh/. Add them todenyReadto block them.
Local evidence: docs/code.claude.com/docs/en/sandboxing.md:203-204
The Settings sandbox key table documents manual filesystem read-deny rules, but not sandbox.credentials:
filesystem.denyRead... Paths where sandboxed commands cannot read ... Example:["~/.aws/credentials"]
Local evidence: docs/code.claude.com/docs/en/settings.md:380
Exact searches found no sandbox.credentials mention in local docs/code.claude.com/.
What's Wrong or Missing?
Claude Code v2.1.187 says: Added sandbox.credentials setting to block sandboxed commands from reading credential files and secret environment variables.
The current docs do not document the setting's existence, accepted values, default behavior, which credential files or secret environment variables it blocks, or how it interacts with sandbox.filesystem.denyRead, sandbox.filesystem.allowRead, permission Read(...) deny rules, and managed settings. The sandboxing guide also appears outdated because it still presents manual denyRead entries as the credential-protection path.
Suggested Improvement
Add sandbox.credentials to the Settings page sandbox table and update the Sandboxing guide to describe it. The docs should cover supported values, default behavior, merge/override behavior across scopes, interaction with filesystem.allowRead, and whether users should still manually add denyRead entries for custom secret paths not covered by the built-in credential protection list.
Impact
High - Prevents users from using a feature
Additional Context
Release reference: Claude Code v2.1.187, Added sandbox.credentials setting to block sandboxed commands from reading credential files and secret environment variables.
Duplicate search found no exact open issue for sandbox.credentials. Closest non-duplicates include #69405 for sandbox.allowAppleEvents and #69149 for the v2.1.179 denyRead/allowRead glob fix.
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗