
[BUG] Sensitive tokens stored in .claude/settings.local.json and not ignored by git by default

Open andrehrferreira opened this issue 1 month ago • 1 comment

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Claude Code is storing sensitive credentials (API keys and tokens) in .claude/settings.local.json inside the project repository, and the .claude/ directory is not automatically added to .gitignore.

I started using Claude Code a few days ago and configured permissions for some tools in one of my projects. Later, a separate module system I use raised a security alert saying that one of my keys had been leaked in a public GitHub repository.

When I checked the repo, I found that Claude Code had created .claude/settings.local.json, and this file contained:

  • The leaked key reported by the security system
  • Several other API tokens and test keys that I had used while working with Claude Code

Because .claude/ is not gitignored by default, settings.local.json was committed and pushed to a public repository without any warning from Claude Code.

Yes, I should have reviewed the file before committing, but an AI coding tool writing secrets into a trackable project path by default is a very unsafe behavior and makes accidental credential leaks extremely likely.

What Should Happen?

At minimum:

  1. Secrets should not be stored in plain text inside the project repository:
    • Store them in a user-level directory (e.g. $HOME/.claude/) or OS keychain/credential storage instead of under the project root.
  2. If you really need a project-level config file:
    • Automatically add .claude/ (or at least .claude/settings.local.json) to .gitignore when it is created.
    • Show a clear, explicit warning that the file contains secrets and must not be committed.
  3. UX hardening:
    • When saving API keys/tokens, show a warning like “These credentials will be stored locally; make sure this file is not under version control.”
    • Optionally provide a one-click action: “Add .claude/ to .gitignore”.

This should be secure-by-default. The current behavior encourages accidental leaks of API keys to public repos.

Error Messages/Logs


Steps to Reproduce

  1. Install Claude Code and configure it normally in a project.
  2. Use Claude Code for a while and configure tools/integrations that require API keys or tokens (e.g. local tools, services, etc.).
  3. In the project root, observe that a .claude/settings.local.json file has been created.
  4. Open .claude/settings.local.json:
    • You will see stored configuration including API keys and tokens in plain text.
  5. Check .gitignore:
    • .claude/ is not added automatically.
  6. Run git status:
    • .claude/settings.local.json shows up as an untracked file and can be committed like any other file.
  7. Commit and push the repo to a public Git host (e.g. GitHub).
  8. Any secret-scanning tool (or manual inspection) will now detect leaked credentials in .claude/settings.local.json in the public repo.

Claude Model

Not sure / Multiple models

Is this a regression?

Yes, this worked in a previous version

Last Working Version

No response

Claude Code Version

2.0.59

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Cursor

Additional Information

No response

andrehrferreira avatar Dec 04 '25 23:12 andrehrferreira
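The reproduction steps above and the "What Should Happen?" list describe a gap that a repository-side guard can close today, independent of any fix in the tool. The script below is an added example and is not Claude Code's code or part of the issue: run as a pre-commit hook, it appends `.claude/settings.local.json` to `.gitignore` if no covering line exists, then scans the file for values that look like credentials and returns them so the hook can refuse the commit. The file layout in the sample is an assumption (the issue does not show the real settings schema), the key-name list and entropy threshold are illustrative heuristics, and `.gitignore` matching is exact-line only rather than full glob semantics.

```python
"""Added example: pre-commit guard for .claude/settings.local.json.

Not Claude Code's own code. The settings layout used in demo() is constructed;
the detection heuristics are assumptions to be tuned per environment.
"""
import json
import math
import re
import sys
import tempfile
from collections import Counter
from pathlib import Path

LOCAL_SETTINGS = Path(".claude") / "settings.local.json"
IGNORE_ENTRY = ".claude/settings.local.json"
# .gitignore lines that already cover the file (a leading "/" is normalised away)
COVERING_PATTERNS = {".claude", ".claude/", IGNORE_ENTRY}

# Heuristics (assumptions): flag by credential-like key name, or by a long,
# letter+digit, high-entropy value that looks like an opaque token.
SECRET_KEY_HINT = re.compile(r"token|secret|passw|api[_-]?key|credential", re.I)
TOKEN_SHAPE = re.compile(r"^[A-Za-z0-9_\-./+=]{20,}$")
MIN_ENTROPY_BITS = 3.5


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character (0.0 for an empty string)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def looks_like_secret(key: str, value) -> bool:
    """True if a string value is suspicious by key name or by shape + entropy."""
    if not isinstance(value, str):
        return False
    if SECRET_KEY_HINT.search(key) and len(value) >= 8:
        return True
    has_letter = re.search(r"[A-Za-z]", value) is not None
    has_digit = re.search(r"[0-9]", value) is not None
    return (TOKEN_SHAPE.match(value) is not None and has_letter and has_digit
            and shannon_entropy(value) >= MIN_ENTROPY_BITS)


def find_secrets(node, path: str = "") -> list:
    """Walk parsed JSON; return dotted paths of suspicious string values."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, (dict, list)):
                hits.extend(find_secrets(value, child))
            elif looks_like_secret(key, value):
                hits.append(child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            child = f"{path}[{i}]"
            if isinstance(value, (dict, list)):
                hits.extend(find_secrets(value, child))
            elif looks_like_secret("", value):  # list items carry no key name
                hits.append(child)
    return hits


def ensure_gitignored(repo_root: Path) -> bool:
    """Append IGNORE_ENTRY unless an exact covering line exists; True if written."""
    gitignore = repo_root / ".gitignore"
    lines = gitignore.read_text().splitlines() if gitignore.exists() else []
    if any(line.strip().lstrip("/") in COVERING_PATTERNS for line in lines):
        return False
    lines.append(IGNORE_ENTRY)
    gitignore.write_text("\n".join(lines) + "\n")
    return True


def check_repo(repo_root: Path) -> tuple:
    """Hook entry point: (paths of suspicious values, whether .gitignore changed)."""
    settings = repo_root / LOCAL_SETTINGS
    hits = find_secrets(json.loads(settings.read_text())) if settings.exists() else []
    return hits, ensure_gitignored(repo_root)


def demo() -> dict:
    """Run the guard twice against a constructed repo in a temporary directory."""
    sample = {  # constructed; the real settings schema is not shown in the issue
        "permissions": {"allow": ["Bash(npm test:*)", "mcp__github__create_issue",
                                  "A1b2C3d4E5f6G7h8I9j0K1l2"]},
        "env": {"MY_SERVICE_API_KEY": "tk_live_4fA9xQ2mLp7Vz8Rw3Hd1Yc",
                "LOG_LEVEL": "debug"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".claude").mkdir()
        (root / LOCAL_SETTINGS).write_text(json.dumps(sample))
        first_hits, first_fix = check_repo(root)
        second_hits, second_fix = check_repo(root)
        ignore_lines = (root / ".gitignore").read_text().splitlines()
    return {"hits": first_hits, "fixed_first": first_fix, "fixed_second": second_fix,
            "hits_stable": first_hits == second_hits, "gitignore": ignore_lines}


if __name__ == "__main__":  # as a hook: python guard.py from the repo root
    found, fixed = check_repo(Path.cwd())
    for p in found:
        print(f"refusing commit: credential-like value at {p} in {LOCAL_SETTINGS}")
    if fixed:
        print(f"added {IGNORE_ENTRY} to .gitignore")
    sys.exit(1 if found else 0)
```

Install it by calling `python guard.py` from `.git/hooks/pre-commit` (or a `pre-commit` framework hook); a non-zero exit blocks the commit. Note that the guard only helps before the first push: once a key has reached a public remote it must be rotated, since removing the file from history does not un-leak it. The entropy path deliberately requires both letters and digits so that permission entries such as `mcp__github__create_issue`, which are long but not random, are not reported.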