CR-2026-02-26 - Claude Code Settings Credential Exposure (Emergency)

Change Request Summary

Field        Value
CR ID        CR-2026-02-26-001
Status       Emergency
Priority     P0
Requester    evanusmodestus
Date         2026-02-26

Description

EMERGENCY: Remediate multiple credentials exposed in ~/.claude/settings.local.json allowed commands list.

Exposure vector: Hardcoded passwords, API tokens, and secrets management wildcards in Claude Code auto-approve rules.

Affected system: modestus-razer workstation

Discovery

User requested security audit of Claude Code configuration during session. Scan revealed:

# Discovery command
grep -En 'PASSPHRASE=|_PASS=|_TOKEN=|API_KEY|dsec show|dsource|gopass show' ~/.claude/settings.local.json

Exposed Credentials Summary

Category            Pattern                          Risk                       Count
BORG Backup         BORG_PASSPHRASE="<plaintext>"    Backup repository access   4
ISE ERS API         ISE_API_TOKEN="<base64>"         ISE admin access           10+
ISE DataConnect     ISE_DC_PASS=<plaintext>          ISE database access        3
pfSense API         X-API-Key: <hex>                 Firewall admin access      1
Secrets Wildcards   dsec show:*, dsource d000:*      Access to ALL secrets      4
Decrypt Wildcard    ~/.secrets/bin/decrypt-file:*    Decrypt any file           1

Remediation Actions

Phase 1: Remove Dangerous Patterns from settings.local.json

Commands executed by Claude to identify and remove entries:

# Search for dangerous patterns
grep -En 'dsec show|dsource|BORG_PASSPHRASE|ISE_API_TOKEN|X-API-Key' ~/.claude/settings.local.json

Entries removed:

# Secrets wildcards (allowed access to ANY secret)
Bash(dsec show:*)
Bash(dsource d000:*)
Bash(~/.secrets/bin/dsec:*)
Bash(~/.secrets/bin/decrypt-file:*)

# Hardcoded BORG password (4 entries)
Bash(export BORG_PASSPHRASE="<redacted>")
Bash(sudo BORG_PASSPHRASE="<redacted>" borg list:*)
Bash(sudo BORG_PASSPHRASE=<redacted> borg list:*)

# Hardcoded ISE tokens (10+ entries)
Bash(ISE_API_TOKEN="<base64>":*)
Bash(ISE_PAN_IP=... ISE_API_TOKEN="<base64>" uv run:*)
Bash(TOKEN="<base64>" curl ...)

# Hardcoded ISE passwords
Bash(ISE_API_PASS="<plaintext>" uv run:*)
Bash(ISE_DC_PASS=<plaintext> timeout 10 uv run:*)
Bash(ISE_DATACONNECT_PASS=<plaintext> timeout 15 uv run:*)

# Hardcoded pfSense API key
Bash(do echo '=== /api/v2/$ep ===' curl -ks -H 'X-API-Key: <hex>' ...)

# Specific dsec show paths
Bash(~/.secrets/bin/dsec show d000 dev/network)
Bash(~/.secrets/bin/dsec show d000 dev/storage)

Safe patterns retained:

# Variable references (not hardcoded values)
Bash(sudo BORG_PASSPHRASE="$BORG_PASSPHRASE" borg list:*)

# Tools that use dsource internally at runtime
Bash(netapi ise:*)

# Listing (not showing)
Bash(gopass ls:*)

Phase 2: Clean Shell History

Password found in shell history files:

# Discovery
grep -c '<password-pattern>' ~/.bash_history ~/.zsh_history
# /home/evanusmodestus/.bash_history:5
# /home/evanusmodestus/.zsh_history:2

Remediation commands (executed by user):

# Clean bash history
grep -v '<password-pattern>' ~/.bash_history > /tmp/bash_clean && \
  mv /tmp/bash_clean ~/.bash_history

# Clean zsh history
grep -v '<password-pattern>' ~/.zsh_history > /tmp/zsh_clean && \
  mv /tmp/zsh_clean ~/.zsh_history

# Note: a shell that is still running keeps the old lines in memory and may write
# them back to the history file on exit, so re-check from a freshly started shell.

Verification:

grep -c '<password-pattern>' ~/.bash_history ~/.zsh_history
# /home/evanusmodestus/.bash_history:0
# /home/evanusmodestus/.zsh_history:0

Phase 3: Final Verification

# Verify no dangerous patterns remain
# The "?[^$"] part skips PASSPHRASE= / _PASS= values that are $VAR references
grep -En 'PASSPHRASE="?[^$"]|_PASS="?[^$"]|_TOKEN=|API_KEY|dsec show|dsource d000|gopass show' \
  ~/.claude/settings.local.json

# Expected: no hits; the only credential-shaped text left should be variable references like $BORG_PASSPHRASE

Pending Actions

Priority  Action                                           Status
P0        Rotate BORG backup passphrase                    PENDING
P1        Rotate ISE ERS API credentials                   PENDING
P1        Rotate pfSense API key                           PENDING
P2        Rotate ISE DataConnect password                  PENDING
P2        Audit other workstations for similar exposure    PENDING

Root Cause Analysis

Claude Code’s auto-approve system (settings.local.json) accumulated allowed commands over time without review. When commands with credentials were approved during interactive sessions, the full command including secrets was persisted.

Prevention

  1. Never approve commands containing literal credentials - use $VAR references only

  2. Periodic audit - review settings.local.json monthly for credential exposure

  3. CLAUDE.md rules - it already has a FORBIDDEN section for secrets, but settings.local.json bypasses it

  4. Pre-commit hook - consider adding a hook that detects credentials in config files
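As an added example (not part of this change request or of Claude Code itself), a small Python checker in the spirit of prevention items 2 and 4: it parses settings.local.json, flags the three classes of entry removed in Phase 1 (literal credential assignments and API-key headers, broad secret-store wildcards, narrow dsec/gopass show paths), and leaves $VAR references alone. It assumes the allow-list lives at permissions.allow (the layout Claude Code uses for permission rules) and, when given no path, runs on a constructed sample with placeholder values.

```python
import json
import re
import sys

# Constructed sample in the assumed settings.local.json layout
# ({"permissions": {"allow": [...]}}); the values are placeholders, not real secrets.
SAMPLE_SETTINGS = json.dumps({"permissions": {"allow": [
    'Bash(export BORG_PASSPHRASE="placeholder-passphrase")',
    'Bash(sudo BORG_PASSPHRASE="$BORG_PASSPHRASE" borg list:*)',
    'Bash(dsec show:*)',
    'Bash(ISE_DC_PASS=placeholder timeout 10 uv run:*)',
    "Bash(curl -ks -H 'X-API-Key: 0123abcd' https://fw.example/api/v2/status)",
    'Bash(gopass ls:*)',
    'Bash(netapi ise:*)',
]}})

# Secret-looking variable assigned a literal: VAR=value or VAR="value", but not VAR="$VAR".
LITERAL_ASSIGN = re.compile(
    r'\b[A-Z0-9_]*(?:PASS|PASSPHRASE|TOKEN|API_KEY|SECRET)[A-Z0-9_]*=["\']?(?![$"\'])\S')
# API-key header carrying a literal value instead of a variable.
LITERAL_HEADER = re.compile(r"X-API-Key:\s*(?!\$)\S", re.IGNORECASE)
# Wildcards that open the whole secret store or arbitrary decryption.
BROAD_WILDCARDS = ("dsec:*", "dsec show:*", "dsource:*", "dsource d000:*", "decrypt-file:*")


def classify(rule):
    """Return a finding label for one allow-list entry, or None if it looks safe."""
    m = re.fullmatch(r"Bash\((.*)\)", rule, re.DOTALL)  # only Bash(...) rules carry shell text
    cmd = m.group(1) if m else ""
    if any(w in cmd for w in BROAD_WILDCARDS):
        return "broad-wildcard"
    if LITERAL_ASSIGN.search(cmd) or LITERAL_HEADER.search(cmd):
        return "literal-credential"
    if "dsec show" in cmd or "gopass show" in cmd:
        return "secret-read"  # narrow path, but still reveals a secret once approved
    return None


def audit(settings_text):
    """Parse settings.local.json text; return [(label, rule), ...] for risky entries."""
    allow = json.loads(settings_text).get("permissions", {}).get("allow", [])
    return [(label, r) for r in allow if (label := classify(r))]


if __name__ == "__main__":
    # Usage: python3 audit_claude_settings.py [~/.claude/settings.local.json]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SETTINGS
    findings = audit(text)
    for label, rule in findings:
        print(f"{label}: {rule}")
    sys.exit(1 if findings else 0)  # non-zero exit lets a pre-commit hook block the commit
```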

Lessons Learned

Issue                                    Mitigation
Auto-approve persists full command text  Only approve commands with $VAR references, never literal values
Wildcards grant excessive access         Never allow dsec:* or dsource:* - too broad
Shell history contains secrets           Use HISTCONTROL=ignorespace and prefix sensitive commands with a space
No periodic config review                Add monthly review of ~/.claude/settings.local.json to maintenance calendar

Approval

Role       Name             Date
Requester  evanusmodestus   2026-02-26
Approver   evanusmodestus   2026-02-26 (Emergency)