| ▲ | ogrisel 2 hours ago | |
How do you deny access to prod credentials from an assistant running on your dev machine assuming you need to store them on that same machine to do manual prod investigation/maintenance work from that machine? | ||
| ▲ | victorbuilds 2 hours ago | parent | next [-] | |
I keep them in env variables rather than files. Not 100% secure - technically Claude Code could still run printenv - but it's never tried. The main thing is it won't stumble into them while reading config files or grepping around. | ||
| ▲ | fragmede 6 minutes ago | parent | prev [-] | |
chown other_user; chmod 000; sudo -k | ||