A while ago I added my .env file to the settings.json as permission denied. It worked, claude code couldnt access that file anymore. There is also an instruction in the CLAUDE.md , but just for backup, as its not very reliable. Today, Claude Code randomly referenced an information that it could only have gotten from reading out information from the .env file. Turns out, it got that data by me simply having that file open in the IDE. It leads to data from that file being passed to Claude’s context. Here is the explanation that Claude itself gave: When you select lines in your IDE (PyCharm), the Claude Code IDE extension sends the selected text as a system reminder in the conversation, including the full content of the selected lines. This happens automatically as context for the AI, even for .env files. So if you highlight a line in .env that contains API_KEY=sk-abc123, the full line gets sent to the model. The CLAUDE.md rule that says “never read .env files” only prevents the AI from using the Read tool on those files - it doesn’t block the IDE from sending selected content. Worth being aware of if you have sensitive credentials in files you’re browsing while Claude Code is running. I guess thats more an issue with the IDE extension than Claude code though. Anybody knows if its possible to remove that feature for specific files? submitted by /u/alldeltav
Originally posted by u/alldeltav on r/ClaudeCode