Skip to content

Deny Access to .env Files

.env files often contain secrets such as API keys, database passwords, service tokens, production configuration, and private credentials.

Deny access to .env files by default.

If Claude needs a value, provide a redacted example or one specific non-sensitive variable instead of exposing the whole file.

Read .env files: Deny
Read source files: Allow
Run tests: Allow
Install packages: Ask
Delete files: Ask