CR-2026-02-26: Credential Exposure — Risk & Comms

Prevention Checklist

When Approving Commands

  • Never approve commands with literal credentials

  • Use $VAR references only (e.g., $BORG_PASSPHRASE)

  • Never approve dsec show:* or dsource:* wildcards

  • Never approve gopass show:* wildcards

  • Never approve decrypt wildcards

Periodic Review

  • Monthly audit of ~/.claude/settings.local.json

  • Search for PASSPHRASE=, TOKEN=, API_KEY patterns

  • Remove any entries with hardcoded values

  • Verify shell history doesn’t contain secrets
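One way to script this monthly review, as an added example (not part of the original checklist or of any tool's own code): it walks every string in the settings file, flags literal values assigned to credential-named variables and the wildcard approvals listed above, and prints each hit with the value redacted. The sample entries and the `permissions.allow` layout are constructed for illustration; the walk itself does not depend on that layout.

```python
import json
import re
import sys
from pathlib import Path

# Names from the checklist (PASSPHRASE=, TOKEN=, API_KEY) plus PASSWORD from HISTIGNORE.
# A value that starts with "$" is a variable reference and is allowed.
LITERAL = re.compile(
    r"""(\w*(?:PASSPHRASE|TOKEN|API_KEY|PASSWORD)\w*=)(["']?)(?!\$)[^\s"')]+""", re.I)
# dsec / dsource / "gopass show" / decrypt followed by a wildcard in the same entry.
WILDCARD = re.compile(r"(?:\bdsec\b|\bdsource\b|\bgopass show\b|decrypt)[^)]*\*")

# Constructed sample; the permissions.allow layout and every entry are assumptions.
SAMPLE = json.dumps({"permissions": {"allow": [
    "Bash(git status:*)",
    "Bash(BORG_PASSPHRASE=$BORG_PASSPHRASE borg list:*)",
    "Bash(BORG_PASSPHRASE=hunter2-example borg list /backup)",
    "Bash(gopass show:*)",
    "Bash(dsec show:*)",
    "Bash(gpg --decrypt:*)",
]}})

def strings(node, path="$"):
    """Yield (json_path, value) for every string value anywhere in the document."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, child in node.items():
            yield from strings(child, f"{path}.{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from strings(child, f"{path}[{index}]")

def audit(text):
    """Return (json_path, rule, redacted_entry) findings for one settings file."""
    findings = []
    for path, value in strings(json.loads(text)):
        shown = LITERAL.sub(r"\1\2<redacted>", value)  # never echo the secret itself
        for rule, rx in (("literal-credential", LITERAL), ("secret-wildcard", WILDCARD)):
            if rx.search(value):
                findings.append((path, rule, shown))
    return findings

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE
    for path, rule, entry in audit(text):
        print(f"{rule}\t{path}\t{entry}")
```

Pass the path to settings.local.json as the first argument; with no argument it runs against the constructed sample.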

Shell Configuration

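# bash: add to ~/.bashrc
export HISTCONTROL=ignorespace
export HISTIGNORE="*PASSPHRASE*:*TOKEN*:*PASSWORD*:dsec*:gopass show*"
# zsh: add to ~/.zshrc (zsh does not read HISTCONTROL or HISTIGNORE)
setopt HIST_IGNORE_SPACE
HISTORY_IGNORE='(*PASSPHRASE*|*TOKEN*|*PASSWORD*|dsec*|gopass show*)'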

Key Lessons

Issue | Mitigation
Auto-approve persists full command text | Only approve commands with $VAR references, never literal values
Wildcards grant excessive access | Never allow dsec:* or dsource:* - too broad
Shell history contains secrets | Use HISTCONTROL=ignorespace and HISTIGNORE
No periodic config review | Add monthly review to maintenance calendar

The Claude Code auto-approve system is a credential exposure vector.

Every approved command is stored in plaintext. If you ever approved a command with a hardcoded credential, that credential is now in settings.local.json until you remove it.