Comment by ericd

I only run claude code inside a docker container that only mounts the directory it's called in, and I make damn sure I don't run it in a way to mount a directory that has any creds in it other than dev infra. Do not mount a home directory with a bunch of . directories (.aws, .ssh, etc). The nice thing about the docker containers otherwise is you need to explicitly choose what to pass in, but getting lazy and passing in things just in case or because it's convenient is asking for trouble.