Claude Code plugin credentials: what the new keychain storage does and doesn't do

Claude Code 2.1.83 shipped plugin credential management. It's worth understanding exactly what it does before you build on top of it, because the security story is better than most people expect in some ways and the design pattern around it matters more than the feature itself. What shipped When a user installs a plugin, Claude Code now prompts for any configuration it needs upfront — API keys, tokens, whatever the plugin declares. Those values go into the OS keychain. macOS Keychain on Mac, Windows Credential Manager on Windows. Not a config file. Not ~/.claude/settings.json . Not a .env sitting in your project directory. The immediate practical win: credentials don't end up in plaintext somewhere that gets accidentally committed to git, scraped by a background process, or left on a shared machine. There's a companion feature in the same release: CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 . This strips credentials from subprocess environments — the bash tool, hooks, and MCP stdio servers. Mor

Claude Code plugin credentials: what the new keychain storage does and doesn't do

Related Articles

Saatva HD Mattress Review: A Solution for Heavy-Bodied Sleepers

Middleware patterns in Go without over-engineering

I Thought Learning More Tech Would Make Me a Better Developer — I Was Wrong

How to Take Perfect App Store Screenshots Using Xcode Simulator (No Device Needed)

Factor Promo Code: 50% Off Off Meal Prep

Related Articles

How-To
Saatva HD Mattress Review: A Solution for Heavy-Bodied Sleepers
Wired • 4h ago

How-To
Middleware patterns in Go without over-engineering
Medium Programming • 5h ago

How-To
I Thought Learning More Tech Would Make Me a Better Developer — I Was Wrong
Medium Programming • 7h ago

How-To
How to Take Perfect App Store Screenshots Using Xcode Simulator (No Device Needed)
Medium Programming • 8h ago

How-To
Factor Promo Code: 50% Off Off Meal Prep
Wired • 8h ago