Deny Access to .env Files
.env files often contain secrets such as API keys, database passwords, service tokens, production configuration, and private credentials.
Recommended guidance
Section titled “Recommended guidance”Deny access to .env files by default.
If Claude needs a value, provide a redacted example or one specific non-sensitive variable instead of exposing the whole file.
Example policy
Section titled “Example policy”Read .env files: DenyRead source files: AllowRun tests: AllowInstall packages: AskDelete files: Ask