/rules / secrets-single-source
RULE 0.8 Secrets Single Source
Every token lives in ONE file: ~/.claude/secrets/.env (+ per-project secrets/*.env).
Inline tokens require code edits to rotate and copy easily into chat or commits.
Code references by ENV var name only. Hardcoding = hard block.
| id | RULE 0.8 |
| scope | topic |
| file | ~/.claude/rules/secrets-single-source.md |
[hook] hooks/_rust/secrets-guard
▸ all hooks