Preventing Claude access to potentially sensitive files

.claude/settings.json

This can be applied through the Claude team settings so that it is enforced for everyone in the organisation.

An example that could be applied to everyone:

{
  "permissions": {
    "deny": [
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(*.sql)",
      "Bash(cat .env)",
      "Bash(cat .env.*)",
      "Bash(cat *.sql)",
      "Bash(grep .env)",
      "Bash(grep .env.*)",
      "Bash(grep *.sql)",
      "Bash(git push --force *)",
      "Bash(git push * --force)",
      "Bash(rm -rf *)"
    ],
    "disableBypassPermissionsMode": "disable"
  }
}

Sandboxing

Sandboxing restricts Bash commands by running them with file system and network isolation, keeping them from accessing files outside the project directory. On Linux it uses bubblewrap.

It could be enforced centrally using the .claude/settings.json file:

{
  "sandbox": {
    "enabled": true,
    "filesystem": {
      "denyRead": ["~/"],
      "allowRead": ["."]
    }
  }
}
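
A baseline check for CI, added here as an example and not taken from Anthropic's documentation: it reports which of the deny rules and sandbox settings shown above are missing from a settings file. The function names are hypothetical, and it assumes the permissions and sandbox blocks live in the same .claude/settings.json.

```python
import json
import sys

# Baseline copied from the two settings examples on this page.
REQUIRED_DENY = {
    "Read(./.env)", "Read(./.env.*)", "Read(*.sql)",
    "Bash(cat .env)", "Bash(cat .env.*)", "Bash(cat *.sql)",
    "Bash(grep .env)", "Bash(grep .env.*)", "Bash(grep *.sql)",
    "Bash(git push --force *)", "Bash(git push * --force)",
    "Bash(rm -rf *)",
}

def _obj(value):
    """Treat a missing or wrongly typed section as an empty object."""
    return value if isinstance(value, dict) else {}

def audit_settings(settings):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    perms = _obj(settings.get("permissions"))
    deny = perms.get("deny")
    deny = {r for r in deny if isinstance(r, str)} if isinstance(deny, list) else set()
    for rule in sorted(REQUIRED_DENY - deny):
        findings.append(f"missing deny rule: {rule}")
    if perms.get("disableBypassPermissionsMode") != "disable":
        findings.append("bypass-permissions mode is not disabled")
    sandbox = _obj(settings.get("sandbox"))
    if sandbox.get("enabled") is not True:  # the string "true" does not count
        findings.append("sandbox is not enabled")
    deny_read = _obj(sandbox.get("filesystem")).get("denyRead")
    if not isinstance(deny_read, list) or "~/" not in deny_read:
        findings.append("sandbox does not deny reads of the home directory")
    return findings

def audit_file(path):
    """Load a settings file; unreadable or invalid JSON is itself a finding."""
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, json.JSONDecodeError) as exc:
        return [f"cannot read settings: {exc}"]
    if not isinstance(data, dict):
        return ["settings root is not an object"]
    return audit_settings(data)

if __name__ == "__main__":
    problems = audit_file(sys.argv[1] if len(sys.argv) > 1 else ".claude/settings.json")
    print("\n".join(problems) or "baseline met")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when anything is missing, so it can gate a pipeline step or a pre-commit hook.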

Dev containers

Anthropic provide an example devcontainer for running Claude in a Docker container. We could consider adding this to our Lando configuration so we have a sandboxed Claude always available for client projects.

Links

  • https://code.claude.com/docs/en/security
  • https://code.claude.com/docs/en/permissions
  • https://code.claude.com/docs/en/sandboxing
  • https://code.claude.com/docs/en/devcontainer
  • https://dev.to/klement_gunndu/lock-down-claude-code-with-5-permission-patterns-4gcn
