This matches my experience. I work across a multi-repo microservice setup with Claude Code and the .env file is honestly the least of it.
The cases that bite me:
1. Docker build args — tokens passed to Dockerfiles for private package installs live in docker-compose.yml, not .env. No .env-focused tool catches them.
2. YAML config files with connection strings and API keys — again, not .env format, invisible to .env tooling.
3. Shell history — even if you never cat the .env, you've probably exported a var or run a curl with a key at some point in the session.
The proxy/surrogate approach discussed upthread seems like the only thing that actually closes the loop, since it works regardless of which file or log the secret would have ended up in.
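As an added illustration of the surrogate idea (example code written for this page, not tooling from the thread or from any product mentioned in it), the script below works on secret *values* rather than on the .env format, so it catches the three cases listed above: a build arg in docker-compose.yml, a key and a connection-string password in a YAML config, and an exported variable plus a bearer token in shell history. Every occurrence of a discovered value is swapped for a stable placeholder before text would leave the machine, and the placeholders are mapped back afterwards. The three sample files and all credential-looking values in them are constructed, and the regexes are illustrative heuristics, not a complete secret-scanning ruleset.

```python
"""Value-based secret surrogation that does not care which file the secret lives in."""
import re
from typing import Dict, List, Tuple

# Constructed sample artefacts; every value below is made up, not a real credential.
DOCKER_COMPOSE = """services:
  api:
    build:
      context: .
      args:
        NPM_TOKEN: npm_abc123def456ghi789
"""
CONFIG_YAML = """database:
  url: postgres://svc:hunter2pass@db.internal:5432/app
stripe:
  api_key: sk_test_51FAKEFAKEFAKE
"""
BASH_HISTORY = """export STRIPE_KEY=sk_test_51FAKEFAKEFAKE
curl -H 'Authorization: Bearer npm_abc123def456ghi789' https://registry.example/-/whoami
"""

# Heuristics for the shapes a secret takes in arbitrary text. group(1) is a label,
# group(2) the value. Illustrative only; a real deployment would use a fuller ruleset.
CANDIDATE_PATTERNS = [
    # KEY=value or key: value where the key name suggests a credential
    re.compile(r"(?i)\b(\w*(?:token|key|secret|password|passwd)\w*)\s*[:=]\s*['\"]?([^\s'\"]+)"),
    # password in the userinfo part of a connection URL (label = URL scheme)
    re.compile(r"(?i)\b(\w+)://[^\s:/@]+:([^\s@/]+)@"),
    # bearer tokens as typed into curl and friends
    re.compile(r"(?i)\b(bearer)\s+([A-Za-z0-9._\-]+)"),
]
MIN_SECRET_LEN = 8  # ignore short values such as ports or booleans


class SurrogateVault:
    """Two-way map between real secret values and stable placeholder tokens."""

    def __init__(self) -> None:
        self._real_to_surrogate: Dict[str, str] = {}
        self._surrogate_to_real: Dict[str, str] = {}

    def size(self) -> int:
        return len(self._real_to_surrogate)

    def register(self, label: str, value: str) -> str:
        """Assign a surrogate to a value; the same value always gets the same surrogate."""
        if value in self._real_to_surrogate:
            return self._real_to_surrogate[value]
        surrogate = f"<<SECRET_{self.size() + 1}:{label.upper()}>>"
        self._real_to_surrogate[value] = surrogate
        self._surrogate_to_real[surrogate] = value
        return surrogate

    def discover(self, text: str) -> List[Tuple[str, str]]:
        """Find candidate secrets in any text and register them. Returns (label, value) pairs."""
        found: List[Tuple[str, str]] = []
        for pattern in CANDIDATE_PATTERNS:
            for match in pattern.finditer(text):
                label, value = match.group(1), match.group(2)
                if len(value) >= MIN_SECRET_LEN:
                    self.register(label, value)
                    found.append((label, value))
        return found

    def redact(self, text: str) -> str:
        """Replace every known secret value with its surrogate, longest values first."""
        for value in sorted(self._real_to_surrogate, key=len, reverse=True):
            text = text.replace(value, self._real_to_surrogate[value])
        return text

    def rehydrate(self, text: str) -> str:
        """Inverse of redact(): put real values back into assistant output."""
        for surrogate, value in self._surrogate_to_real.items():
            text = text.replace(surrogate, value)
        return text

    def leaks_in(self, text: str) -> List[str]:
        """Known secret values still present in text; empty after a correct redaction."""
        return [v for v in self._real_to_surrogate if v in text]


def build_vault() -> SurrogateVault:
    """Scan all three sample artefacts; a token shared by compose and history gets one surrogate."""
    vault = SurrogateVault()
    for text in (DOCKER_COMPOSE, CONFIG_YAML, BASH_HISTORY):
        vault.discover(text)
    return vault


if __name__ == "__main__":
    vault = build_vault()
    samples = (("docker-compose.yml", DOCKER_COMPOSE), ("config.yaml", CONFIG_YAML),
               (".bash_history", BASH_HISTORY))
    for name, text in samples:
        print(f"--- {name} (redacted) ---")
        print(vault.redact(text))
```

Because the map is keyed by value, the NPM token shows up as the same `<<SECRET_1:NPM_TOKEN>>` placeholder in both docker-compose.yml and the curl line in shell history, and `leaks_in()` gives a cheap check that nothing known slipped through before a buffer is handed to the assistant.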