claude-code - 💡(How to fix) Fix Fresh install should include default deny rules for credential paths [1 participants]

GitHub stats: anthropics/claude-code#46741, fetched 2026-04-12 13:34:16
Comments: 0 · Participants: 1 · Timeline events: 4 (labeled ×3, referenced ×1) · Reactions: 0


Description

A fresh Claude Code installation has zero permission deny rules. Credential files at well-known paths are fully accessible out of the box:

  • ~/.ssh/ (SSH keys)
  • ~/.aws/ (AWS credentials)
  • ~/.gnupg/ (GPG keys)
  • ~/.kube/ (Kubernetes configs)
  • ~/.npmrc (npm tokens)
  • ~/.git-credentials (Git credentials)
  • ~/.config/gh/ (GitHub CLI tokens)

Proposed fix

Ship a default settings.json (or built-in default) that denies Read access to common credential paths. Users who need Claude to access these paths can explicitly remove the deny rules — opt-out is safer than opt-in for credential access.

Suggested defaults:

{
  "permissions": {
    "deny": [
      "Read(~/.ssh/**)",
      "Read(~/.gnupg/**)",
      "Read(~/.aws/**)",
      "Read(~/.azure/**)",
      "Read(~/.kube/**)",
      "Read(~/.npmrc)",
      "Read(~/.git-credentials)",
      "Read(~/.config/gh/**)"
    ]
  }
}

Why this matters

Most developers never configure security settings (the article that prompted this research had 911K views — indicating the vast majority of users hadn't thought about this). Secure defaults protect the users who need it most — the ones who don't know to configure it.

Environment

  • Claude Code 2.1.84
  • Windows 10

Extent analysis

TL;DR

Ship a default settings.json (or a built-in default) whose permissions.deny list refuses Read access to common credential paths, so the protection is on for every fresh install and a user who really needs one of those paths removes that rule explicitly rather than every user having to discover the setting.

Guidance

  • Ship the proposed deny list as the default so that Read access to ~/.ssh/, ~/.aws/, ~/.kube/ and the other listed paths is refused unless a user deliberately removes the rule.
  • Document the default and how to remove a single rule, so a user who genuinely needs Claude to read one of these paths knows the knob and does not disable the whole list.
  • Review the list for coverage before shipping: it protects only what it names, so any credential store it omits stays readable by default. The rules also name the Read tool only; check whether any other tool that can read files needs its own rule.
  • Test the shipped settings.json: confirm that a Read of a file under each denied path is refused, that the same file reached through a ../ path or a symlink gets the same answer, and that removing a rule restores access as intended.
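The proposed deny list in the issue, and the guidance item above on testing it, invite a concrete check: given the rule list, which requested paths are refused and which slip through. The Python below is an added example written for this page, not Claude Code's own code. It assumes the rule syntax `Tool(pattern)` with `~` standing for the home directory and gitignore-like `*`/`**` matching, and it uses a constructed home directory (`/home/dev`) and a constructed audit list (`AUDIT_PATHS`) so it runs offline. Claude Code's real matching rules may differ, so use it to reason about a deny list, not as a statement of how the tool enforces one.

```python
"""Check which paths a Claude Code-style ``permissions.deny`` list covers.

Added example for this page, not Claude Code's own code. It assumes the
rule syntax ``Tool(pattern)`` with ``~`` standing for the home directory,
``*`` matching within one path segment and ``**`` matching across segments;
the real tool's matching rules may differ, so treat results as a review aid.
"""
import posixpath
import re

# The deny list proposed in the issue.
DEFAULT_DENY = [
    "Read(~/.ssh/**)",
    "Read(~/.gnupg/**)",
    "Read(~/.aws/**)",
    "Read(~/.azure/**)",
    "Read(~/.kube/**)",
    "Read(~/.npmrc)",
    "Read(~/.git-credentials)",
    "Read(~/.config/gh/**)",
]

# Constructed audit list: files a developer workstation commonly keeps
# credentials in. The last three are not in the proposed list and are here
# to show that the list only protects what it names.
AUDIT_PATHS = [
    "~/.ssh/id_ed25519",
    "~/.aws/credentials",
    "~/.config/gh/hosts.yml",
    "~/.netrc",
    "~/.docker/config.json",
    "~/.config/gcloud/credentials.db",
]

# Fixed, made-up home so results are deterministic; a real audit would use
# os.path.expanduser("~").
HOME = "/home/dev"

RULE_RE = re.compile(r"^(?P<tool>[A-Za-z]+)\((?P<pattern>.+)\)$")


def parse_rule(rule):
    """Split 'Read(~/.ssh/**)' into ('Read', '~/.ssh/**')."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"unrecognised rule syntax: {rule!r}")
    return m.group("tool"), m.group("pattern")


def expand_home(path, home=HOME):
    """Replace a leading '~' with the home directory."""
    if path == "~" or path.startswith("~/"):
        return home + path[1:]
    return path


def pattern_to_regex(pattern, home=HOME):
    """Translate a glob pattern into an anchored regex (assumed semantics)."""
    pattern = expand_home(pattern, home)
    out = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")       # any characters, including '/'
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")    # stays within one path segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def is_denied(tool, path, rules, home=HOME):
    """Return the first rule that denies `tool` on `path`, or None.

    The path is normalised before matching, so '~/project/../.ssh/id_ed25519'
    is judged as '/home/dev/.ssh/id_ed25519' instead of slipping past the
    pattern on its literal spelling.
    """
    path = posixpath.normpath(expand_home(path, home))
    for rule in rules:
        rule_tool, pattern = parse_rule(rule)
        if rule_tool == tool and pattern_to_regex(pattern, home).match(path):
            return rule
    return None


def uncovered(paths, rules, tool="Read", home=HOME):
    """List the audit paths that no rule for `tool` denies."""
    return [p for p in paths if is_denied(tool, p, rules, home) is None]


if __name__ == "__main__":
    for p in AUDIT_PATHS:
        print(f"{p:36} -> {is_denied('Read', p, DEFAULT_DENY) or 'NOT DENIED'}")
    print("gaps:", uncovered(AUDIT_PATHS, DEFAULT_DENY))
```

Three results are worth noticing. A `..` traversal is still caught because the path is normalised before matching. `~/.ssh` itself (the directory) is not matched by `~/.ssh/**` in this evaluator. And the check is keyed on the tool name, so `Read(...)` rules return nothing for a check against any other tool name. Each of these is a property of the example as written and a question to put to the real implementation before trusting the default list. The audit also shows the list is allow-by-omission: `~/.netrc`, `~/.docker/config.json` and the gcloud credential store are readable under the proposed defaults.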


Notes

This analysis assumes that settings.json is where Claude Code reads its permission rules. How much the default actually protects depends on how the application enforces deny rules and on users being able to opt out of individual rules rather than the whole list.

Recommendation

Ship the proposed deny list as the default, since it gives a safer configuration to the users least likely to know the setting exists. Until that lands, users can add the same rules to their own settings.json as a workaround.
