𝗛𝗼𝘄 𝘁𝗼 𝗚𝗼𝘃𝗲𝗿𝗻 𝗖𝗹𝗮𝘂𝗱𝗲 𝗖𝗼𝗱𝗲 𝗔𝗰𝗿𝗼𝘀𝘀 𝗬𝗼𝘂𝗿 𝗧𝗲𝗮𝗺
Claude Code is a terminal agent that runs with the same filesystem and shell access as the user who launches it. It is not a web app. Treat its settings files like executable code, because they decide what it may read, write and run. Two vulnerabilities disclosed in 2026 showed that files in a malicious repository can make it run commands or leak API keys.
Fix these 4 security gaps to protect your team:
- Centralize API key management. Developers often use personal keys or keep them in local files. That leaves no audit trail and no way to revoke one person's access without breaking others.
  - Issue keys through the Anthropic Admin Console, one per developer or per workload, never shared.
  - Set an expiration date on every key.
  - Store keys in a secrets manager such as AWS Secrets Manager or HashiCorp Vault, not in shell profiles or dotfiles.
  - Route traffic through an AI gateway that holds the real key, so no long-lived Anthropic key sits on a developer machine.
- Control model usage and costs. You need to know which models your team uses and what they cost.
  - Set the ANTHROPIC_BASE_URL environment variable to your gateway so every request passes through it.
  - The gateway then gives you per-request traces, per-user attribution and rate limits.
  - At the gateway you can enforce budget caps and an allowlist of approved models.
- Block access to sensitive files. Claude Code can read .env files, the .ssh folder and AWS credentials unless told otherwise. A malicious repository can instruct it to read those and send the contents to an attacker.
  - Push a managed-settings.json to every machine with your MDM (for example Jamf) or configuration management (for example Ansible). Managed settings take precedence over user and project settings and cannot be overridden by the developer.
  - Add deny rules for .env files, the .ssh folder, cloud credential folders and any secrets directories.
  - Require an explicit permission prompt before the tool edits or writes files or pushes code.
- Audit MCP servers. A locally launched MCP server is a process running under the developer's account, so it has whatever access the developer has; a malicious one can read data or run commands the moment it starts, before any tool call is approved.
  - Review every MCP server (source, publisher, update channel) before the team installs it.
  - Restrict which servers can be installed through managed settings, and do not auto-approve servers declared in a repository's own configuration.
  - Run MCP servers in a sandbox (container or restricted user) where possible.
Summary Checklist:
• Use MDM to set ANTHROPIC_BASE_URL at the OS level.
• Use managed-settings.json to lock configurations.
• Deny filesystem access to secrets.
• Audit all MCP servers.
• Rotate API keys every quarter.
If you rely on server-managed settings from the Anthropic Console, remember that a developer who points ANTHROPIC_BASE_URL at a different endpoint can bypass them. Deploy managed-settings.json through MDM, with the gateway URL pinned inside it, so your rules stay in place no matter what the developer's shell environment says.
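As an added example (not code from the original post, and not Anthropic's own tooling), the script below audits a Claude Code managed-settings.json against the four gaps above. It embeds two constructed settings files, a weak starting point and the hardened policy this post recommends, and reports what each one is missing; pass a path on the command line to audit a real file instead. The gateway hostname and the MCP server name are hypothetical, and the allowedMcpServers key name is an assumption to verify against the current Claude Code settings reference.

```python
"""Audit a Claude Code managed-settings.json for the four gaps in this post.

Added example, not from the original post or from Anthropic. The keys "env",
"permissions" (allow/deny/ask), "disableBypassPermissionsMode" and
"enableAllProjectMcpServers" are documented Claude Code settings as the author
understands them; "allowedMcpServers" is ASSUMED to be the managed-settings
allowlist key. Hostnames and server names are hypothetical.
"""
import json
import sys

# Constructed example: a weak starting point. Broad allowlist, no gateway,
# nothing denied, bypass-permissions mode still available.
WEAK_SETTINGS = json.loads("""
{
  "permissions": {
    "allow": ["Read", "Edit", "Write", "Bash"]
  }
}
""")

# Constructed example: the hardened policy argued for above.
HARDENED_SETTINGS = json.loads("""
{
  "env": {"ANTHROPIC_BASE_URL": "https://ai-gateway.corp.example"},
  "permissions": {
    "deny": [
      "Read(./.env)", "Read(./.env.*)",
      "Read(~/.ssh/**)", "Read(~/.aws/**)", "Read(./secrets/**)"
    ],
    "ask": ["Edit", "Write", "Bash(git push:*)"]
  },
  "disableBypassPermissionsMode": "disable",
  "enableAllProjectMcpServers": false,
  "allowedMcpServers": [{"serverName": "internal-docs"}]
}
""")

# (label, rule prefix that must appear in permissions.deny)
REQUIRED_DENIES = [
    ("dotenv files", "Read(./.env"),
    ("SSH keys", "Read(~/.ssh"),
    ("AWS credentials", "Read(~/.aws"),
    ("secrets directory", "Read(./secrets"),
]
# Tool rules that must not run without a prompt (an "ask" or "deny" entry).
MUST_ASK = ["Edit", "Write", "Bash(git push"]


def _has_rule(rules, prefix):
    """True if any permission rule in `rules` starts with `prefix`."""
    return any(rule.startswith(prefix) for rule in rules)


def audit(settings: dict) -> list[str]:
    """Return human-readable findings; an empty list means all four gaps are closed."""
    findings = []
    perms = settings.get("permissions", {})
    deny, ask = perms.get("deny", []), perms.get("ask", [])

    # Gaps 1 and 2: every request must go through the gateway, so keys,
    # traces, rate limits and model allowlists are enforced centrally.
    base_url = settings.get("env", {}).get("ANTHROPIC_BASE_URL", "")
    if not base_url.startswith("https://"):
        findings.append("ANTHROPIC_BASE_URL is not pinned to an https:// gateway in env")

    # Gap 3: secrets are unreadable and destructive actions need approval.
    for label, prefix in REQUIRED_DENIES:
        if not _has_rule(deny, prefix):
            findings.append(f"no deny rule for {label} ({prefix}...)")
    for prefix in MUST_ASK:
        if not _has_rule(ask, prefix) and not _has_rule(deny, prefix):
            findings.append(f"{prefix} can run without a permission prompt")
    if settings.get("disableBypassPermissionsMode") != "disable":
        findings.append("bypass-permissions mode is still available")

    # Gap 4: MCP servers are allowlisted, never auto-approved from a repo's .mcp.json.
    if settings.get("enableAllProjectMcpServers"):
        findings.append("servers from project .mcp.json files are auto-approved")
    if not settings.get("allowedMcpServers"):
        findings.append("no MCP server allowlist (allowedMcpServers, assumed key)")
    return findings


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            targets = {argv[1]: json.load(fh)}
    else:
        targets = {"weak (constructed)": WEAK_SETTINGS,
                   "hardened (constructed)": HARDENED_SETTINGS}
    clean = True
    for name, settings in targets.items():
        findings = audit(settings)
        clean = clean and not findings
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print("  -", finding)
    return 0 if clean else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the weak file fail on every check and the hardened file pass, or point it at the deployed file (on macOS the managed file lives under /Library/Application Support/ClaudeCode/, on Linux under /etc/claude-code/, as documented at the time of writing) from a compliance job so drift from the MDM-pushed policy shows up as a non-zero exit code.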
Optional learning community: https://t.me/GyaanSetuAi