"How to Protect Your .env From Claude Code"

Claude Code can write, edit, and delete any file in your project. That's what makes it useful. It's also what makes it dangerous. Your .env has API keys. Your *.pem files have certificates. Your terraform.tfstate has infrastructure secrets. One wrong tool call and Claude overwrites them. The permission prompts help, but they're easy to approve on autopilot. Deep in a coding session, you've already said "yes" fifty times. file-guard is a Claude Code hook that blocks modifications to files you specify. It intercepts Write, Edit, and Bash tool calls before they execute, checks the target against your protected patterns, and blocks anything that would touch a protected file. Setup (2 minutes) Install the hook curl -sL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/file-guard/install.sh | bash This copies the hook to ~/.claude/hooks/ and wires it into your settings. Define what to protect Create a .file-guard file in your project root: # Secrets .env .env.* *.p