If you're using Claude Code or other coding agents, check whether they have access to your secrets. Many developers assume .env files are protected by default, but they are not.
In Claude Code, the interactive permission prompt is the only barrier, and it's easy to click through without thinking. To fix this, you can add a deny rule in your global Claude Code settings (see screenshot).
It takes 30 seconds to set up, and it's the kind of thing you only think about after something goes wrong.
Recent articles
- Hyphens and Dashes - 16th March 2026
- Context Windows Are Limited by Atoms, Not Bits - 1st March 2026
- My Own Little Corner of the Internet - 22nd February 2026