
I hate to break it to y’all but if Claude Code REALLY wanted to read your environment variables, it could just modify your application to print them out and read the logs.

You’re better off without a .env anyways with:

infisical run -- npm run dev

This way there won’t be any .env to scour in the first place. ✌🏻

CLAUDE CODE CAN READ YOUR .ENV FILES BY DEFAULT. Your API keys. Your database passwords. Your secret tokens. All of it visible to the agent unless you tell it otherwise. One setting. Two minutes. Fixes it completely. Add this to your CLAUDE.md right now: Secure your stack