
Use Deny Rules to Block Access to Sensitive Files

bagwaa @bagwaa · Mar 26, 2026 · Configuration

Claude Code's permission system defaults to asking before accessing files outside your working directory, but it can still read .env files, credentials, and secrets within your project. Deny rules let you draw a hard line.

{
  "permissions": {
    "deny": [
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)",
      "Read(./.aws/credentials)",
      "Edit(./.env)",
      "Edit(./secrets/**)"
    ]
  }
}

Add this to your project's .claude/settings.json and commit it. Now Claude Code can't read or edit those files, even if you accidentally approve a broad permission.

Rules are evaluated in order: deny first, then ask, then allow. So deny rules always win, making them a reliable safety net.
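To keep the committed file from drifting, a check like the one below can run in CI or a pre-commit hook. It is an added example, not part of Claude Code or its docs; `audit_settings`, `REQUIRED_DENY` and `SAMPLE` are hypothetical names, and it assumes the rules sit under the `permissions` key of `.claude/settings.json`.

```python
import json
import sys

# Baseline copied from the file rules in this tip; extend it for your project.
REQUIRED_DENY = frozenset({
    "Read(./.env)", "Read(./.env.*)", "Read(./secrets/**)",
    "Edit(./.env)", "Edit(./secrets/**)",
})

def audit_settings(text, required=REQUIRED_DENY):
    """Return a list of findings for the text of a .claude/settings.json file."""
    try:
        settings = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(settings, dict):
        return ["top level must be a JSON object"]
    findings = []
    if "deny" in settings:
        findings.append("top-level 'deny' found; move it under 'permissions'")
    perms = settings.get("permissions")
    perms = perms if isinstance(perms, dict) else {}
    deny = perms.get("deny", [])
    if not isinstance(deny, list):
        findings.append("'permissions.deny' must be a list of rule strings")
        deny = []
    present = {rule for rule in deny if isinstance(rule, str)}
    findings += [f"missing deny rule: {rule}" for rule in sorted(required - present)]
    # Deny is evaluated before allow, so an allow entry that duplicates a deny
    # rule never takes effect; report it as a sign of conflicting intent.
    allow = perms.get("allow", [])
    allowed = {r for r in allow if isinstance(r, str)} if isinstance(allow, list) else set()
    findings += [f"allow rule shadowed by deny: {rule}" for rule in sorted(present & allowed)]
    return findings

# Constructed sample: one required rule missing, one rule present in both lists.
SAMPLE = """{
  "permissions": {
    "allow": ["Read(./.env)"],
    "deny": ["Read(./.env)", "Read(./.env.*)", "Read(./secrets/**)", "Edit(./.env)"]
  }
}"""

if __name__ == "__main__":
    # Usage: python audit_settings.py .claude/settings.json (no argument audits SAMPLE)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    problems = audit_settings(text)
    print("\n".join(problems) or "deny baseline present")
    sys.exit(1 if problems else 0)
```

The exact-string comparison only confirms that the baseline rules are listed; it does not evaluate glob patterns the way Claude Code does.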

You can also deny specific bash commands and web fetches:

{
  "permissions": {
    "deny": [
      "Bash(curl *)",
      "Bash(wget *)",
      "WebFetch"
    ]
  }
}

This blocks Claude from fetching arbitrary content from the web, which is especially useful when working with untrusted codebases that might contain prompt injection attempts. The Bash patterns cover curl and wget only; any other network-capable command needs its own rule.

For team-wide enforcement, put deny rules in managed settings so individual developers can't override them.

Deny rules are your safety net. Set them once and forget about accidental secret exposure.


via Claude Code Docs — Settings
