[DOCS] Sandbox docs omit `sandbox.credentials` setting added in v2.1.187

Open 💬 1 comment Opened Jun 23, 2026 by coygeek

Documentation Type

Missing documentation (feature not documented)

Documentation Location

https://code.claude.com/docs/en/sandboxing
https://code.claude.com/docs/en/settings
https://code.claude.com/docs/en/security

Section/Topic

Sandbox credential protection, especially sandbox.credentials in the Settings sandbox key reference and sandbox credential-file / secret-environment-variable guidance.

Current Documentation

The sandboxing guide says credential files remain readable by default and instructs users to configure denyRead manually:

Default read behavior: read access to the entire computer, except certain denied directories. Note that this default still allows reading credential files such as ~/.aws/credentials and ~/.ssh/. Add them to denyRead to block them.

Local evidence: docs/code.claude.com/docs/en/sandboxing.md:203-204

The Settings sandbox key table documents manual filesystem read-deny rules, but not sandbox.credentials:

filesystem.denyRead ... Paths where sandboxed commands cannot read ... Example: ["~/.aws/credentials"]

Local evidence: docs/code.claude.com/docs/en/settings.md:380

Exact searches found no sandbox.credentials mention in local docs/code.claude.com/.

What's Wrong or Missing?

Claude Code v2.1.187 says: Added sandbox.credentials setting to block sandboxed commands from reading credential files and secret environment variables.

The current docs do not document the setting's existence, accepted values, default behavior, which credential files or secret environment variables it blocks, or how it interacts with sandbox.filesystem.denyRead, sandbox.filesystem.allowRead, permission Read(...) deny rules, and managed settings. The sandboxing guide also appears outdated because it still presents manual denyRead entries as the credential-protection path.

Suggested Improvement

Add sandbox.credentials to the Settings page sandbox table and update the Sandboxing guide to describe it. The docs should cover supported values, default behavior, merge/override behavior across scopes, interaction with filesystem.allowRead, and whether users should still manually add denyRead entries for custom secret paths not covered by the built-in credential protection list.

Impact

High - Prevents users from using a feature

Additional Context

Release reference: Claude Code v2.1.187, Added sandbox.credentials setting to block sandboxed commands from reading credential files and secret environment variables.

Duplicate search found no exact open issue for sandbox.credentials. Closest non-duplicates include #69405 for sandbox.allowAppleEvents and #69149 for the v2.1.179 denyRead/allowRead glob fix.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗