[BUG] Claude Code AGGRESSIVELY reads secrets out of .env files and leaks them to your servers in so doing

Resolved 💬 5 comments Opened Oct 16, 2025 by walt93 Closed Jan 8, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

I have to keep your bot corralled on the dev machine.

Some times it's a faster workflow to run from the server.

However ur bot continually exfiltrates secrets and in so doing, by definition - leaks them to Anthropic servers.

What Should Happen?

By implementing a mechanism for "do not expose these files to the model, ever", we can put our .env.server (etc) in that list. That seems easier than retraining the model to avoid secrets.

Error Messages/Logs

Steps to Reproduce

  1. Use Claude Code in an environment where there are A) secrets and B) the model wants to use them (e.g. "debug this endpoint" and the endpoint returns an auth error and ur bot starts searching willy nilly for auth credentials to stuff into a curl command

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.0.14 (Claude Code)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗