was a few hours into a session last week and needed claude to call linear. didn’t have the mcp wired so i copied the api key from the dashboard and pasted it into the chat (easier, dummy project anyways).

realized later that key is now in: the transcript, the /resume restore points, probably the session log file. and that’s just one tool!

i went and counted - claude code on my machine has line-of-sight to 14 different credentials right now through various mcp configs, env vars, .json files, the shell rc. that’s not a claude problem specifically, every agentic cli is in the same shape. but the surface area surprised me.

the thing i ended up doing - running everything behind a local http proxy (authsome, i maintain it, oss). claude’s env literally has LINEAR_API_KEY=placeholder, the proxy swaps in the real value only on outbound requests. nothing real lives in the agent’s process.

not posting this as a setup guide. mostly curious if other people have done the audit. how many keys does claude code actually see on your machine right now? is it okay for these agents to read the key? on scale of 1-10, how bad is this?
Originally posted by u/Only-Associate2698 on r/ClaudeCode
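
One way to run the audit the post asks about, as an added example that is not part of the original post and is not authsome's code. It lists where credential-like names with non-placeholder values are visible (environment, JSON configs, shell rc) and never prints the values; the name heuristic, the placeholder list and the file locations in `__main__` are assumptions to adjust for your machine.

```python
import json, os, re
from pathlib import Path
# Heuristics assumed for this example: secret-looking names, stand-in values,
# and shell rc lines such as: export LINEAR_API_KEY="..."
NAME_RE = re.compile(r"(API[_-]?KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)", re.I)
PLACEHOLDERS = {"", "placeholder", "changeme", "xxx"}
EXPORT_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

def is_real(value):
    """True unless the value is a known stand-in or a $VAR reference."""
    v = str(value).strip().strip("'\"")
    return v.lower() not in PLACEHOLDERS and not v.startswith("$")

def audit_env(env):
    return [("env", k) for k, v in env.items() if NAME_RE.search(k) and is_real(v)]

def audit_json(label, text):
    """Walk nested objects (e.g. MCP server 'env' maps); arrays are not inspected."""
    found = []
    def walk(node, path):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, path + [str(k)])
        elif isinstance(node, str) and path and NAME_RE.search(path[-1]) and is_real(node):
            found.append((label, ".".join(path)))  # location only, never the value
    walk(json.loads(text), [])
    return found

def audit_rc(label, text):
    found = []
    for line in text.splitlines():
        m = EXPORT_RE.match(line)
        if m and NAME_RE.search(m.group(1)) and is_real(m.group(2)):
            found.append((label, m.group(1)))
    return found

def audit_machine(paths):
    hits = audit_env(os.environ)
    for p in map(Path, paths):
        if not p.is_file():
            continue
        text = p.read_text(errors="replace")
        try:
            hits += audit_json(str(p), text) if p.suffix == ".json" else audit_rc(str(p), text)
        except json.JSONDecodeError:
            pass  # unparsable config: skipped rather than guessed at
    return hits

if __name__ == "__main__":  # assumed locations; add your own MCP configs and rc files
    home = Path.home()
    for where, name in audit_machine([home / ".claude.json", ".mcp.json", home / ".zshrc"]):
        print(where, name)
```

With the placeholder setup described in the post, `LINEAR_API_KEY=placeholder` drops out of the count, so the number left is what the agent's process can actually read.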
