The JSONL logs are the part this doesn't address. Even if the agent never reads .env directly, once it uses a secret in a tool call — a curl, a git push, whatever — that ends up in Claude Code's conversation history at `~/.claude/projects/*/`. Different file, same problem.
This matches my experience. I work across a multi-repo microservice setup with Claude Code and the .env file is honestly the least of it.
The cases that bite me:
1. Docker build args — tokens passed to Dockerfiles for private package installs live in docker-compose.yml, not .env. No .env-focused tool catches them.
2. YAML config files with connection strings and API keys — again, not .env format, invisible to .env tooling.
3. Shell history — even if you never cat the .env, you've probably exported a var or run a curl with a key at some point in the session.
The proxy/surrogate approach discussed upthread seems like the only thing that actually closes the loop, since it works regardless of which file or log the secret would have ended up in.
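Since the point of the thread is that one secret lands in several non-.env places at once (the JSONL conversation history, a compose build arg, a YAML config, the shell history), here is an added example, written for this page and not code from any commenter or tool mentioned above, of a format-agnostic scan-and-redact pass over those kinds of artifacts. Everything in it is constructed: the sample snippets, the token values, the file names used as labels, the three regex patterns, and the entropy cutoff are all this example's own assumptions.

```python
import json
import math
import re

# Constructed sample artifacts (not real files, not real credentials): one snippet for each
# kind of place the comment above says secrets end up. The "~/..." keys are labels only;
# nothing on disk is read.
SAMPLES = {
    "~/.claude/projects/demo/session.jsonl": "\n".join([
        json.dumps({"role": "assistant", "tool": "bash",
                    "input": "curl -H 'Authorization: Bearer ghp_Qm7xR2vT9kLp4sWz8nCe1bYd6hJf3aGu' "
                             "https://api.example.invalid"}),
        json.dumps({"role": "user", "content": "run the tests please"}),
    ]),
    "docker-compose.yml": (
        "services:\n  api:\n    build:\n      args:\n"
        "        NPM_TOKEN: npm_Vb3kX9sQ2mT7rL5wZ8nH4cJ1pD6gF0aE\n"
    ),
    "config/prod.yaml": (
        "database_url: postgres://app:S3cretPassw0rd@db.internal:5432/app\n"
        "api_key: Ak19zPq7Lw3Tm5Xc8Rv2Bn6Hj4Gf0Sd\n"
    ),
    "~/.bash_history": "export STRIPE_KEY=sk_live_Tz4Rk9Lm2Qp7Wx3Vn8Hc5Jb1\nls -la\n",
}

# Generic patterns (assumed for this example, deliberately not tied to .env syntax):
# a bearer header, a name=value / name: value pair whose name suggests a credential,
# and a URL carrying a password in its userinfo part.
PATTERNS = [
    ("bearer_header", re.compile(r"Bearer\s+([A-Za-z0-9_\-.=]{20,})")),
    ("assignment", re.compile(r"(?i)[A-Z0-9_]*(?:token|key|secret|password)\s*[:=]\s*['\"]?([A-Za-z0-9_\-.]{16,})")),
    ("url_userinfo", re.compile(r"[a-z][a-z0-9+.\-]*://[^:/\s]+:([^@\s]+)@")),
]

MIN_ENTROPY = 3.0  # assumed cutoff in bits/char; drops low-variety values such as "xxxxxxxxxxxxxxxx"


def shannon_entropy(value):
    """Bits of entropy per character of `value` (0.0 for empty or single-character-repeat input)."""
    if not value:
        return 0.0
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_text(path, text, min_entropy=MIN_ENTROPY):
    """Return one finding per credential-looking value in `text`, tagged with its source path and line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS:
            for match in pattern.finditer(line):
                value = match.group(1)
                # A URL password is reported regardless of entropy; other hits must look random.
                if kind != "url_userinfo" and shannon_entropy(value) < min_entropy:
                    continue
                findings.append({"path": path, "line": lineno, "kind": kind, "value": value})
    return findings


def scan_all(artifacts):
    """Scan a {path: text} mapping; JSONL history, compose files, YAML and shell history are treated alike."""
    findings = []
    for path, text in artifacts.items():
        findings.extend(scan_text(path, text))
    return findings


def redact(text, findings):
    """Replace every flagged value with a marker so the artifact can be kept without the secret."""
    # Longest values first so a short value that is a substring of a longer one cannot mangle the marker.
    for f in sorted(findings, key=lambda f: len(f["value"]), reverse=True):
        text = text.replace(f["value"], f"[REDACTED:{f['kind']}]")
    return text


if __name__ == "__main__":
    found = scan_all(SAMPLES)
    for f in found:
        print(f"{f['path']}:{f['line']} {f['kind']} ...{f['value'][-4:]}")
    print(redact(SAMPLES["~/.claude/projects/demo/session.jsonl"], found))
```

The scan matches on what a credential looks like in context rather than on the file format, which is the property the comment asks for; it is the detection and clean-up side only, and does not stop the value from being written to the history or config in the first place, which is what the surrogate approach above addresses.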