Claude Code Security: Preventing Data Leaks and Writing Safe Code

When you give an AI agent access to your codebase, terminal, and external services, security isn’t optional — it’s the first thing you should configure. Claude Code has robust security features built in, but they only work if you understand and use them correctly.

At Markana Media, we’ve deployed Claude Code across client projects handling sensitive data, API credentials, and production systems. Here’s our security playbook — the policies, configurations, and practices that keep our operations safe.

Understanding Claude Code’s Permission Model

Claude Code operates on an explicit permission system. Before it can read files, write code, run commands, or access external services, it needs your approval. The permission model has several layers:

Interactive approval: In the most restrictive mode, Claude Code asks for permission before every action — reading a file, editing code, running a terminal command. You review each action and approve or deny it.

Auto-approve safe operations: You can configure Claude Code to automatically approve low-risk operations (file reads, code searches, directory listings) while still requiring approval for higher-risk actions (file writes, command execution, git pushes).

Full trust mode: For environments where you want maximum speed, Claude Code can auto-approve most operations. Use this only in sandboxed development environments, never in production-connected setups.

The right permission level depends on your context. For client work with production credentials, we use restrictive permissions. For internal prototyping in a sandboxed environment, we use auto-approve. Always match the permission level to the risk.

Preventing Credential Leaks

The most common security risk with AI coding tools is accidentally exposing credentials — API keys, database passwords, authentication tokens, and private keys. Here’s how to prevent it:

Never commit secrets to your repository. Use .gitignore to exclude credential files (.env, credentials.json, *.pem). Claude Code respects your .gitignore and won’t include excluded files in commits. But verify this — add a CLAUDE.md rule: “Never commit files that contain API keys, passwords, or tokens.”

Use environment variables. Store credentials in environment variables or external secret managers, not in code files. When Claude Code writes code that needs credentials, it should reference process.env.API_KEY or equivalent, never hardcode the value.

Use separate credential files. We store WordPress credentials, API keys, and service account files in ~/.claude/ — outside any git repository. CLAUDE.md references these paths so Claude Code knows where to find them without exposing them in code.

Review before pushing. Even with .gitignore protection, always review staged files before pushing. Claude Code’s /commit command shows you exactly what’s being committed — check for accidental credential inclusions.
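One way to back the "review before pushing" step with an automated check, as an added example that is not part of the original post or of Claude Code itself. A git pre-push or pre-commit hook would feed it the staged paths and contents; here the staged set is constructed inline so the script runs offline, and the pattern list is an assumed starting point, not a complete one.

```javascript
// Added example (not from the original post): a pre-push secret check in the
// spirit of "review before pushing". A git hook would feed it the output of
// `git diff --cached --name-only` plus file contents; here the staged set is
// constructed inline so the script runs offline.

// Paths that should never be staged, mirroring a typical .gitignore.
const BLOCKED_PATH_PATTERNS = [/(^|\/)\.env(\..+)?$/, /(^|\/)credentials\.json$/, /\.pem$/];

// Content shapes that indicate a hardcoded credential. Generic patterns;
// a real deployment would extend the list for its own providers.
const SECRET_PATTERNS = [
  { name: 'private key', re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  { name: 'aws access key id', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: 'assigned password/token', re: /\b(password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*['"][^'"]{8,}['"]/i },
];

function isBlockedPath(path) {
  return BLOCKED_PATH_PATTERNS.some((re) => re.test(path));
}

// Returns one finding per hit: { path, line, reason }. line 0 = whole file.
function scanStaged(stagedFiles) {
  const findings = [];
  for (const { path, content } of stagedFiles) {
    if (isBlockedPath(path)) {
      findings.push({ path, line: 0, reason: 'credential file path' });
      continue;
    }
    content.split('\n').forEach((text, i) => {
      for (const { name, re } of SECRET_PATTERNS) {
        if (re.test(text)) findings.push({ path, line: i + 1, reason: name });
      }
    });
  }
  return findings;
}

// Non-zero blocks the commit/push; findings go to stderr for the reviewer.
function hookExitCode(stagedFiles) {
  const findings = scanStaged(stagedFiles);
  for (const f of findings) console.error(`${f.path}:${f.line}: ${f.reason}`);
  return findings.length === 0 ? 0 : 1;
}

// Constructed staged set: a clean file, a .env file, and a hardcoded token.
const SAMPLE_STAGED = [
  { path: 'src/config.js', content: 'const apiKey = process.env.API_KEY;\n' },
  { path: '.env', content: 'API_KEY=example-placeholder\n' },
  { path: 'src/client.js', content: 'const headers = {};\nconst token = "hardcoded-example-token-value";\n' },
];
const EXIT_CODE = hookExitCode(SAMPLE_STAGED); // 1 for the sample above
```

The check is a backstop for the .gitignore rule, not a replacement for it: a file that is ignored never reaches the staged set, so the content patterns only ever see files that were about to be committed.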

Writing Secure Code With Claude Code

Claude Code is trained to write secure code by default, but it benefits from explicit security guidelines in your CLAUDE.md:

Input validation: Add a rule like “Always validate and sanitize user input at system boundaries. Never trust data from external sources without validation.” Claude Code follows this consistently when building API endpoints, form handlers, and data processors.

SQL injection prevention: Claude Code uses parameterized queries by default, but reinforce it: “Never use string concatenation for SQL queries. Always use parameterized queries or prepared statements.”

XSS prevention: “Always escape HTML output. Use framework-provided escaping functions (e.g., wp_kses_post() in WordPress, DOMPurify in frontend JS). Never use innerHTML with user-provided content.”

Authentication and authorization: “Every API endpoint must verify authentication. Use middleware for auth checks, not per-route logic. Implement least-privilege access — endpoints should only access what they need.”

Dependency security: Claude Code can check for known vulnerabilities in your dependencies. “Before adding any new package, check if it has known CVEs. Prefer well-maintained packages with recent updates.”
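The input validation, XSS, SQL injection and authentication rules above, as an added example of what the generated code should look like when the rules are followed. This is not code from the original post or from Claude Code; the helper names and the `db.query(sql, params)` and `verifyToken(token)` shapes are assumptions standing in for a real driver and session store.

```javascript
// Added example (not from the original post): the secure-coding rules above as
// small, testable helpers for a Node/Express-style API. The names here
// (escapeHtml, validateCommentInput, requireAuth, insertComment, renderComment)
// and the `db.query(sql, params)` / `verifyToken(token)` shapes are assumed.

// Escape at output time so user text can sit inside HTML safely; use this
// (or a framework escaper) instead of assigning user content to innerHTML.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Boundary validation: allow only the expected shape and size; anything else is
// rejected before it reaches business logic or the database.
function validateCommentInput(body) {
  if (typeof body !== 'object' || body === null) return ['body must be an object'];
  const errors = [];
  if (!Number.isInteger(body.postId) || body.postId <= 0) errors.push('postId must be a positive integer');
  if (typeof body.text !== 'string' || body.text.length < 1 || body.text.length > 2000) errors.push('text must be 1-2000 characters');
  return errors;
}

// Auth as middleware so every route gets the same check, not per-route logic.
function requireAuth(verifyToken) {
  return (req, res, next) => {
    const header = (req.headers && req.headers.authorization) || '';
    const token = header.startsWith('Bearer ') ? header.slice(7) : '';
    const user = token ? verifyToken(token) : null;
    if (!user) return res.status(401).json({ error: 'unauthenticated' });
    req.user = user; // downstream code uses req.user, never a client-supplied id
    return next();
  };
}

// Parameterized insert: values travel separately from the SQL text, so the
// comment body is never interpreted as SQL. Author comes from the verified user.
function insertComment(db, user, body) {
  const errors = validateCommentInput(body);
  if (errors.length) throw new Error(errors.join('; '));
  return db.query(
    'INSERT INTO comments (post_id, author_id, body) VALUES ($1, $2, $3)',
    [body.postId, user.id, body.text],
  );
}

// Store raw text, escape when rendering: escaping belongs at the output boundary.
function renderComment(row) {
  return `<p>${escapeHtml(row.body)}</p>`;
}
```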

Securing Automated Workflows

Automated Claude Code workflows (CI/CD, scheduled tasks, event-driven pipelines) need additional security consideration:

Principle of least privilege: Give automated workflows only the permissions they need. If a content generation agent only needs to create WordPress drafts, its API credentials should only have draft creation permissions — not admin access.

Secret management in CI: Store all credentials as encrypted GitHub Secrets (or your CI platform’s equivalent). Never hardcode them in workflow files. Reference them via environment variables in your scripts.

Output validation: Automated agents should have validation gates. Our content generation agent creates drafts, not published posts — a human reviews before anything goes live. Automated code changes create PRs, not direct commits to main. Always include a human checkpoint for public-facing output.

Audit logging: Log every action your automated workflows take. When something goes wrong at 3 AM, you need to trace exactly what happened. Include timestamps, actions taken, API responses, and decisions made.

Rate limiting and spending caps: Set daily API spending limits on all automated workflows. A bug in your automation shouldn’t be able to drain your API budget overnight. Most providers support spending caps — use them.
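An audit log writer for an automated workflow that records timestamps, actions, API responses and decisions while honouring the "never log sensitive data" rule, as an added example that is not part of the original post or of any Markana Media tooling. The field names, the sensitive-key list and the sample event (a content agent creating a WordPress draft) are constructed for illustration.

```javascript
// Added example (not from the original post): an audit log entry writer for
// automated workflows. It keeps the timestamp, action, decision and API
// response the post asks for, and masks credentials before anything is written.
// Field names and the sensitive-key list are this example's own choices.

// Keys whose values are always masked, matched case-insensitively at any depth.
const SENSITIVE_KEYS = /^(password|passwd|secret|token|api[_-]?key|authorization|cookie|set-cookie)$/i;

// Returns a deep copy with sensitive values replaced; input is not mutated.
function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEYS.test(k) ? '[REDACTED]' : redact(v);
    }
    return out;
  }
  // Bearer credentials sometimes arrive inside plain strings; mask them too.
  if (typeof value === 'string') return value.replace(/Bearer\s+\S+/g, 'Bearer [REDACTED]');
  return value;
}

// Builds one JSON line per action. `now` is injectable so tests are deterministic.
function auditEntry({ workflow, action, decision, request, response }, now = () => new Date()) {
  return JSON.stringify({
    ts: now().toISOString(),
    workflow,
    action,
    decision,
    request: redact(request),
    response: { status: response.status, body: redact(response.body) },
  });
}

// Constructed sample event: a content agent creating a draft via a REST call.
// The token fields are placeholders, not real credentials.
const SAMPLE_EVENT = {
  workflow: 'content-agent',
  action: 'wp.create_post',
  decision: 'created as draft; awaiting human review',
  request: { title: 'Weekly roundup', status: 'draft', headers: { Authorization: 'Bearer example-token' } },
  response: { status: 201, body: { id: 42, link: 'https://example.com/?p=42', token: 'example-nonce' } },
};

// Writes the line to the sink (stdout by default) and returns it for inspection.
function writeAudit(event, sink = (line) => process.stdout.write(line + '\n')) {
  const line = auditEntry(event);
  sink(line);
  return line;
}
```

Because the entry is one JSON object per line, the 3 AM trace is a `grep` over the workflow name followed by reading the `decision` fields in order.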

CLAUDE.md Security Checklist

Every project’s CLAUDE.md should include a security section. Here’s our template:

## Security Rules (Non-Negotiable)

- Never commit files containing API keys, passwords, or tokens
- Never hardcode credentials in source files
- Always use parameterized queries for database operations
- Always validate and sanitize user input
- Always escape HTML output
- Never run destructive commands (rm -rf, DROP TABLE) without explicit confirmation
- Never push to main/master without PR review
- Store credentials in ~/.claude/ or environment variables, never in the repo
- API endpoints must verify authentication via middleware
- Never log sensitive data (passwords, tokens, PII)

Claude Code reads this at the start of every session and follows these rules consistently. It’s the simplest and most effective security control available.

Data Privacy Considerations

When using Claude Code, your code and conversations are sent to Anthropic’s servers for processing. Important considerations:

Anthropic’s data policy: As of 2026, Anthropic does not use Claude Code conversations to train its models. Your code stays private. Check Anthropic’s current data usage policy for the latest details.

Enterprise deployment: For organizations with strict data residency requirements, Claude Code can run through Amazon Bedrock, Google Vertex AI, or Microsoft Foundry — keeping data within your cloud infrastructure.

Sensitive code: If your codebase contains proprietary algorithms, trade secrets, or classified information, evaluate whether cloud-based AI code assistance is appropriate for your compliance requirements. Many organizations use Claude Code for non-sensitive projects while keeping classified work in isolated environments.

Security with AI coding tools is about layered defenses: permission controls, credential management, CLAUDE.md rules, automated validation, and human review gates. No single control is sufficient, but together they create a robust security posture.

If you need help securing your Claude Code deployment or building secure automated workflows, our AI automation team includes security configuration as part of every engagement. Talk to us about your security requirements.