Every Claude Code session gets logged. That includes the API keys, database passwords, and access tokens that inevitably show up during development work.
A security analysis published this week details how Claude Code writes full conversation transcripts to disk as plaintext files inside the ~/.claude/projects/ directory. These session logs capture everything: your prompts, Claude's responses, and critically, the output of every terminal command and file read. If Claude runs a command that prints your AWS credentials, those credentials now sit in a JSONL file on your local disk, unencrypted.
The concern isn't theoretical. Developers routinely debug environment variables, inspect config files, and test API connections through Claude Code. Each of those interactions can pull secrets into the conversation log. And because the ~/.claude directory lives in your home folder rather than inside any project, it's easy to overlook in security audits or backup exclusions.
This is a design tradeoff, not a bug. Session persistence is what lets Claude Code maintain context across conversations and reference prior work. But the security implications deserve attention, especially for developers working with production credentials or on shared machines.
A few practical steps to limit exposure: avoid piping secrets directly through Claude Code sessions, use environment variable references instead of raw values when possible, and consider adding ~/.claude to your backup exclusion list. If you're on a shared workstation, the risk profile goes up significantly since anyone with filesystem access can read those logs.
Anthropic's Claude Code is one of the most capable coding assistants available, but like any tool that records your terminal activity, it creates a secondary copy of sensitive data that most developers aren't thinking about. The fix here is awareness, not avoidance.