A better way to limit Claude Code (and other coding agents!) access to Secrets (opens in new tab)

Last week I wrote a thing about how to run Claude Code when you don’t trust Claude Code. I proposed the creation of a dedicated user account & standard unix access controls. The objective was to stop Claude from dancing through your .env files, eating your secrets. There are some usability problems with that approach- I found a better approach and I wanted to share.