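Claude Code can access the file system and execute commands. Used well, it doubles your productivity; used badly, it can introduce security risks. This article collects security practices for teams using Claude Code, covering everything from individual configuration to enterprise controls.

Principle of least privilege

By default, Claude Code asks for confirmation each time it performs a sensitive operation, but you can pre-allow or deny specific commands through configuration.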
```json
// .claude/settings.json (project level, committed to git)
{
  "permissions": {
    "allow": [
      "Bash(npm run *)",
      "Bash(git add *)",
      "Bash(git commit *)",
      "Bash(git push origin feature/*)",
      "Read(**)",
      "Write(src/**)",
      "Write(tests/**)",
      "Write(docs/**)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(curl * | bash)",
      "Bash(wget * | sh)",
      "Bash(git push origin main)",
      "Bash(git push --force *)",
      "Write(.env*)",
      "Write(*.pem)",
      "Write(*.key)"
    ]
  }
}
```

Key principles:
- The allow list contains only the operations that are required
- The deny list explicitly forbids dangerous operations
- deny takes precedence over allow
Protecting sensitive files

```json
// Forbid reading and modifying sensitive files
{
  "permissions": {
    "deny": [
      "Read(.env*)",
      "Read(*.pem)",
      "Read(*.key)",
      "Read(secrets/**)",
      "Write(.env*)",
      "Write(*.pem)"
    ]
  }
}
```

CLAUDE.md security policy
Write the security rules into the project's CLAUDE.md, and Claude will follow them throughout the session:

```markdown
## Security Rules
NEVER do the following without explicit confirmation:
- Modify .env or any file containing credentials
- Execute database migration scripts in production
- Push to main/master branch directly
- Log or print API keys, passwords, or tokens
- Make external network requests to non-API endpoints

ALWAYS:
- Use environment variables for secrets, never hardcode
- Add .gitignore entries for any new secret files
- Use parameterized queries, never string concatenation for SQL
- Validate and sanitize user input before use
```

Environment variable security
```bash
# Good: read from environment variables
export DATABASE_URL=postgresql://...
export API_KEY=sk-...
# Tell Claude
# "All secrets are in environment variables.
# Never hardcode them or print them in logs."
```

```python
# Claude will generate code like this (good)
import os

api_key = os.environ.get('ANTHROPIC_API_KEY')
if not api_key:
    raise ValueError('ANTHROPIC_API_KEY not set')

# Claude will not generate code like this (bad)
api_key = 'sk-ant-xxxxx'  # hardcoded!
```

Enterprise team management configuration
IT administrators can deploy a policy file that cannot be overridden:

```json
// /Library/Application Support/ClaudeCode/managed-settings.json (macOS)
// /etc/claude-code/managed-settings.json (Linux)
{
  "model": "claude-sonnet-4-5",
  "permissions": {
    "deny": [
      "Bash(curl * | bash)",
      "Bash(wget * | sh)",
      "Bash(sudo *)",
      "Write(/etc/**)",
      "Write(/usr/**)",
      "Write(~/.ssh/**)",
      "Bash(ssh *)"
    ]
  },
  "env": {
    "ANTHROPIC_API_KEY": "sk-ant-company-key"
  }
}
```

This configuration file has the highest precedence; users cannot override it.
CI/CD secret protection

```yaml
# GitHub Actions: keep the key in Secrets, do not hardcode it
jobs:
  claude-task:
    steps:
      - run: claude -p "Fix bugs"
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          # Do not do this
          # ANTHROPIC_API_KEY: sk-ant-xxxxx
```

Security checklist for code review
Have Claude Code check for security issues automatically:
Review this code change for security issues.
Specifically check for:
1. Hardcoded credentials or API keys
2. SQL injection vulnerabilities
3. XSS or injection vulnerabilities
4. Sensitive data in logs
5. Insecure random number generation
6. Missing input validation
7. Overly permissive CORS or CSP settings
8. Exposed internal error messages to users
Report each issue with file, line number, and fix suggestion.
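10 rules for preventing leaks

- Never commit .env files: add `.env*` to `.gitignore`
- Rotate keys: change API keys regularly, and revoke them immediately when a leak is discovered
- Least privilege: the allow list in settings.json contains only the necessary operations
- Protect the main branch: deny `git push origin main`
- Redact logs: have Claude generate code that does not print sensitive fields
- Do not paste secrets into prompts: pass them through environment variables
- Review Claude's changes: especially code that touches authentication and permissions
- Test in a sandbox environment: verify dangerous operations in the development environment first
- Audit .claude/settings.json regularly: check whether the allow list is too broad
- Team CLAUDE.md: write the security rules into it so that everyone shares them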
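
The settings.json audit from the rules above can be scripted. The following is an added example, not code from the original page or from Anthropic's documentation; the names `audit`, `SENSITIVE` and `TOO_BROAD` are hypothetical, the two lists are assumptions of this example, and rules are compared as plain strings rather than with Claude Code's own matcher.

```python
import json

# Assumptions of this example: the patterns the page treats as sensitive,
# and the allow rules considered too broad to pre-approve.
SENSITIVE = [".env*", "*.pem", "*.key", "secrets/**"]
TOO_BROAD = {"Bash", "Bash(*)", "Write", "Write(**)"}


def audit(*layers: dict) -> list[str]:
    """Audit one or more parsed settings files, merged as a union of rules.

    Rules are compared as plain strings; this does not emulate how
    Claude Code itself matches a rule against a command or path.
    """
    allow, deny = set(), set()
    for layer in layers:
        perms = layer.get("permissions", {})
        allow |= set(perms.get("allow", []))
        deny |= set(perms.get("deny", []))
    findings = [f"allow too broad: {r}" for r in sorted(allow & TOO_BROAD)]
    findings += [f"allowed but also denied: {r}" for r in sorted(allow & deny)]
    for tool in ("Read", "Write"):
        for pattern in SENSITIVE:
            rule = f"{tool}({pattern})"
            if rule not in deny:
                findings.append(f"no deny rule: {rule}")
    return findings


# Constructed sample input: the project-level rules from the first block above.
PROJECT = json.loads("""
{"permissions": {
  "allow": ["Bash(npm run *)", "Bash(git add *)", "Bash(git commit *)",
            "Bash(git push origin feature/*)", "Read(**)",
            "Write(src/**)", "Write(tests/**)", "Write(docs/**)"],
  "deny": ["Bash(rm -rf *)", "Bash(curl * | bash)", "Bash(wget * | sh)",
           "Bash(git push origin main)", "Bash(git push --force *)",
           "Write(.env*)", "Write(*.pem)", "Write(*.key)"]}}
""")
# Constructed sample input: the deny list from the "sensitive files" block.
SENSITIVE_FILES = {"permissions": {"deny": [
    "Read(.env*)", "Read(*.pem)", "Read(*.key)", "Read(secrets/**)",
    "Write(.env*)", "Write(*.pem)"]}}

if __name__ == "__main__":
    for finding in audit(PROJECT):
        print("project only:", finding)
    for finding in audit(PROJECT, SENSITIVE_FILES):
        print("merged:", finding)
```

Run on the project-level rules alone, the audit reports that `Read(**)` is allowed while no Read deny rule covers the secret files; merging in the sensitive-files deny list closes those gaps.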

Source: Claude Code Security - Anthropic official documentation