DEV Community: Sophea The latest articles on DEV Community by Sophea (@sophea_sao_7a7db54bab7d68). https://dev.to/sophea_sao_7a7db54bab7d68 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2265962%2F9309e235-e6a5-46e0-a548-d18fec4643d4.jpg DEV Community: Sophea https://dev.to/sophea_sao_7a7db54bab7d68 en Claude Code Has Been Reading Your Database Password This Whole Time Sophea Wed, 11 Mar 2026 07:29:04 +0000 https://dev.to/sophea_sao_7a7db54bab7d68/claude-code-has-been-reading-your-database-password-this-whole-time-9o8 https://dev.to/sophea_sao_7a7db54bab7d68/claude-code-has-been-reading-your-database-password-this-whole-time-9o8 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffan38vv2i4s7lqeh1flq.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffan38vv2i4s7lqeh1flq.jpg" alt=" " width="800" height="436"></a><br> I recently had a concerning moment while using Claude Code. I typed <code>/init</code> to initialize the tool in my fresh project, and during development something unexpected happened - Claude Code attempted to read my <code>.env</code> file. My heart skipped a beat.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># What I saw Claude Code is reviewing your .env file... </code></pre> </div> <p><strong>Why was this alarming?</strong> <br> Environment variables often contain:</p> <ul> <li>Database credentials</li> <li>API keys for third-party services</li> <li>Cloud provider secrets (AWS, GCP, Azure)</li> <li>Authentication tokens</li> </ul> <p>Even if these are "just" dev or UAT environment secrets, exposure is still a serious security concern.</p> <h2> The Vulnerability History </h2> <p>My concern wasn't paranoid. Researching further, I discovered that Claude Code has had several security vulnerabilities:</p> <ul> <li> <strong>CVE-2026-25724</strong>: A symbolic link bypass that allowed reading restricted files</li> <li> <strong>Issue</strong>: Indirect Bash commands could still access files even with deny rules</li> <li> <strong>Broken .claudeignore</strong>: The <code>.claudeignore</code> file, which was supposed to block file access like <code>.gitignore</code>, simply didn't work</li> <li> <strong>Command injection vulnerabilities</strong>: Multiple ways to bypass write protection</li> </ul> <h3> The Solution: Defense in Depth </h3> <p>After reading through security advisories and community discussions, I implemented a multi-layered approach:</p> <h3> Layer 1: Claude Code's Built-in Permission System </h3> <p>The <code>.claudeignore</code> file was broken, but the newer <code>settings.json</code> permission system actually works:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">~/.claude/settings.json</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"permissions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"deny"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"Read(**/.env*)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/env.php*)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/*.pem)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/*.key)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/secrets/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/credentials/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/.aws/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/.ssh/**)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/docker-compose*.yml)"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Read(**/config/database.yml)"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This tells Claude Code: "Under no circumstances should you read these patterns."</p> <p><strong>But there's a catch</strong>: These rules are enforced by Claude Code itself. We're trusting the tool to honor our deny rules - the same tool that had bypass vulnerabilities. This is why we need more.</p> <h3> Layer 2: SOPS (Secrets OPerationS) - Encryption at Rest </h3> <p>SOPS (Secrets OPerationS) is Mozilla's tool for encrypting files while keeping them in version control. It's my second line of defense.</p> <p>The beauty of SOPS: <strong>Even if Claude Code ignores deny rules, it only sees encrypted file.</strong></p> <h3> Installation Guide </h3> <p><strong>macOS:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>brew <span class="nb">install </span>sops </code></pre> </div> <p><strong>Linux:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Download latest release from https://github.com/getsops/sops/releases</span> wget https://github.com/getsops/sops/releases/download/v3.12.1/sops-v3.12.1.linux.amd64 <span class="nb">sudo mv </span>sops-v3.12.1.linux.amd64 /usr/local/bin/sops <span class="nb">sudo chmod</span> +x /usr/local/bin/sops </code></pre> </div> <p><strong>Windows:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Using Chocolatey</span> choco <span class="nb">install </span>sops </code></pre> </div> <h4> Setting Up Age Encryption (Simpler than GPG) </h4> <p>I use <code>age</code> for encryption because it's simpler than GPG:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">### Install age</span> brew <span class="nb">install </span>age <span class="c"># macOS</span> <span class="c"># or</span> apt-get <span class="nb">install </span>age <span class="c"># Debian/Ubuntu</span> <span class="c"># Generate a key</span> <span class="nb">mkdir</span> <span class="nt">-p</span> ~/.config/sops/age age-keygen <span class="nt">-o</span> ~/.config/sops/age/keys.txt <span class="c"># Your public key (share this for encryption)</span> <span class="nb">cat</span> ~/.config/sops/age/keys.txt | <span class="nb">grep</span> <span class="s2">"public key"</span> </code></pre> </div> <h2> My ZSH Helper Functions (For Fast Commands) </h2> <p>Based on my workflow, here are the functions I added to my <code>.zshrc</code> or <code>.bashrc</code>:<br> <code>nano ~/.zshrc</code> or <code>nano ~/.bashrc</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Encrypt a file (default: .env)</span> enc<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">file</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">1</span><span class="k">:-</span><span class="p">.env</span><span class="k">}</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ File not found: </span><span class="nv">$file</span><span class="s2">"</span> <span class="k">return </span>1 <span class="k">fi</span> <span class="c"># Get public key from keys.txt</span> <span class="nb">local </span><span class="nv">pubkey</span><span class="o">=</span><span class="si">$(</span><span class="nb">cat</span> ~/.config/sops/age/keys.txt | <span class="nb">grep</span> <span class="s2">"public key"</span> | <span class="nb">cut</span> <span class="nt">-d</span>: <span class="nt">-f2</span> | xargs<span class="si">)</span> sops encrypt <span class="nt">--age</span> <span class="s2">"</span><span class="nv">$pubkey</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span> <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$file</span><span class="s2">.encrypted"</span> <span class="o">&amp;&amp;</span> <span class="nb">mv</span> <span class="s2">"</span><span class="nv">$file</span><span class="s2">.encrypted"</span> <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"✅ Encrypted: </span><span class="nv">$file</span><span class="s2">"</span> <span class="o">}</span> <span class="c"># Edit an encrypted file (default: .env)</span> edit<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">file</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">1</span><span class="k">:-</span><span class="p">.env</span><span class="k">}</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ File not found: </span><span class="nv">$file</span><span class="s2">"</span> <span class="k">return </span>1 <span class="k">fi</span> <span class="c"># SOPS automatically decrypts to temp, opens editor, and re-encrypts</span> sops edit <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span> <span class="o">}</span> <span class="c">## View decrypted contents (default: .env)</span> view<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">file</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">1</span><span class="k">:-</span><span class="p">.env</span><span class="k">}</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ File not found: </span><span class="nv">$file</span><span class="s2">"</span> <span class="k">return </span>1 <span class="k">fi </span>sops decrypt <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span> <span class="o">}</span> <span class="c">## Check if file is encrypted</span> isenc<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">file</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">1</span><span class="k">:-</span><span class="p">.env</span><span class="k">}</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ File not found: </span><span class="nv">$file</span><span class="s2">"</span> <span class="k">return </span>1 <span class="k">fi if </span><span class="nb">grep</span> <span class="nt">-q</span> <span class="s2">"ENC</span><span class="se">\[</span><span class="s2">AES256"</span> <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Encrypted: </span><span class="nv">$file</span><span class="s2">"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"⚠️ Plain text: </span><span class="nv">$file</span><span class="s2">"</span> <span class="k">fi</span> <span class="o">}</span> </code></pre> </div> <h4> Daily Development </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># first encrypt your file first, only one time</span> enc .env <span class="c"># Start your day - edit secrets</span> edit .env <span class="c"># Check if a file is encrypted</span> isenc .env <span class="c"># Output: ✅ Encrypted: .env</span> <span class="c"># Run your dev server with decrypted secrets</span> sops exec-env .env <span class="s1">'npm run dev'</span> <span class="c"># View current secrets (quick check)</span> view .env </code></pre> </div> <h4> Why This Multi-Layer Approach Works </h4> <ol> <li> <strong>Layer 1 (Claude's deny rules)</strong>: Stops accidental reads by a properly behaving Claude</li> <li> <strong>Layer 2 (SOPS encryption)</strong>: Makes the data useless even if bypassed</li> <li> <strong>Layer 3 (Age encryption)</strong>: Ensures only key holders can decrypt</li> <li> <strong>Layer 4 (Git)</strong>: Encrypted files can be safely committed or ignored from git.</li> </ol> <h4> What This Protects Against </h4> <ul> <li>✅ Claude Code ignoring deny rules</li> <li>✅ Accidental exposure in screenshots or copy-paste</li> <li>✅ Repository leaks (encrypted files are useless without keys)</li> <li>✅ Malicious actors with read access to your filesystem</li> </ul> ai security claudecode