
"Software developers often store secrets - passwords, tokens, API keys, and other credentials - in .env files within project directories. And if they do so, they're supposed to ensure that the .env file does not get posted in a publicly accessible .git repository. A common way to do this is to create an entry in a .gitignore file that tells the developer's Git software to ignore that file when copying a local repo to a remote server."
"As described in this Pastebin post, Claude can read the contents of an .env file despite an entry in the .claudeignore file that ought to prevent access. The Register reproduced this result. We created a directory, created an .env file with sample secrets, added a .claudeignore file with ".env" and ".env.*" and then started Claude Code (v2.1.12) via the CLI. We asked Claude to read the .env file and it did so - which would not happen if Claude respected .claudeignore entries."
Software developers commonly store secrets such as passwords, tokens, and API keys in .env files inside project directories, and typically list .env in .gitignore so the file is never pushed to a public repository. Claude Code offers an analogous .claudeignore mechanism and claims that listing .env there prevents file reads. The Register's reproduction showed that Claude Code (v2.1.12) reads .env contents despite .claudeignore entries, and also ignores .env entries in .gitignore even with the default config flag that is supposed to make it respect .gitignore. The practical consequence is that an ignore entry is not an access control: the secrets remain readable by the agent, so any instruction the agent ingests from untrusted content (a README, an issue comment, a fetched web page) could direct it to read and disclose them, which is the indirect prompt injection scenario. Until the behaviour is fixed, a .env file in any directory an agent can read should be treated as exposed to that agent.
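The following shell script is an added example, not code from The Register's article or from Anthropic. It rebuilds the fixture the article describes (a directory with a sample .env, a .claudeignore and a .gitignore carrying the patterns `.env` and `.env.*`) and then checks what those two patterns actually cover: `.env.local` is matched, `.envrc` and `env.bak` are not. The `git check-ignore` step asks Git itself about the .gitignore copy, which is the baseline the article contrasts Claude Code against. The simplified matcher only handles slash-free patterns against the basename (a stated assumption, not a full gitignore implementation), and the article's final step, starting Claude Code in the directory and asking it to read .env, needs the CLI and network access, so it is left as a manual follow-up rather than scripted here. The filename `ignore_check.sh` in the usage note is hypothetical.

```shell
#!/bin/sh
# Added example, not code from The Register or from Anthropic: rebuilds the
# fixture the article describes and checks what its two ignore patterns cover.
set -eu

# Build the fixture: a sample .env (constructed, fake values) plus a
# .claudeignore and a .gitignore that both carry the article's two patterns.
make_fixture() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/.env" <<'EOF'
# constructed sample secrets for the fixture, not real credentials
DB_PASSWORD=hunter2
API_KEY=sk-test-0000
EOF
    printf '.env\n.env.*\n' > "$dir/.claudeignore"
    printf '.env\n.env.*\n' > "$dir/.gitignore"
}

# Simplified matcher (assumption: patterns contain no slash, as in the
# fixture): tests the file's basename against each pattern in the ignore file
# with shell globbing. Returns 0 if some pattern matches, 1 otherwise.
ignored_by_patterns() {
    ignorefile="$1"; path="$2"
    base=$(basename "$path")
    while IFS= read -r pat; do
        case "$pat" in ''|'#'*) continue ;; esac
        case "$base" in $pat) return 0 ;; esac   # $pat unquoted on purpose: it is the glob
    done < "$ignorefile"
    return 1
}

# Git's own answer for the .gitignore copy, via git check-ignore. Returns 0 if
# the path is ignored, 1 if it is not, and 2 if git is unavailable or errors.
git_ignores() {
    dir="$1"; path="$2"
    command -v git >/dev/null 2>&1 || return 2
    ( cd "$dir" && git -c init.defaultBranch=main init -q . ) >/dev/null 2>&1 || return 2
    rc=0
    ( cd "$dir" && git check-ignore -q "$path" ) || rc=$?
    case $rc in 0) return 0 ;; 1) return 1 ;; *) return 2 ;; esac
}

# Walk a few candidate filenames and show which ones the patterns cover.
demo() {
    tmp=$(mktemp -d)
    make_fixture "$tmp"
    for f in .env .env.local .env.production .envrc env.bak; do
        if ignored_by_patterns "$tmp/.claudeignore" "$tmp/$f"; then
            echo "$f: matched by the .claudeignore patterns"
        else
            echo "$f: NOT matched (still readable and committable)"
        fi
    done
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run `sh ignore_check.sh demo` to see the matrix. The point of the Git step is that the same two lines behave as advertised in Git, so any difference observed with the agent is the agent's handling, not the pattern. Keep in mind that `.env.*` does not cover files such as `.envrc` or `secrets.env`, so an ignore list should be checked against the names actually present in the tree rather than assumed complete.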
Read at The Register