Claude Code is an AI coding agent that runs in your terminal, and it needs credentials to call the Anthropic API. Understanding how to set up and protect your claude code api key correctly keeps your account secure and prevents billing surprises.
What is a Claude Code API key?
A Claude Code API key is an Anthropic API credential that authorizes Claude Code to call the Claude model on your behalf. It is the same type of key you would use to call the Anthropic API directly, created through console.anthropic.com. Claude Code reads it from the ANTHROPIC_API_KEY environment variable or through its OAuth flow. Because it is linked to your Anthropic account, it controls both access and billing.
Why does Claude Code API key security matter?
Claude Code runs directly on your machine with access to your terminal, file system, and development environment. If the credential it uses is exposed, an attacker can run inference against your account. Unlike a web application where credentials live on a server, Claude Code's credentials exist on your local machine alongside your code and project files. In 2025, over 24,000 secrets were found in MCP configuration files on public GitHub, with more than 2,100 confirmed active. Coding agent credentials are a common leak vector because they often end up in configuration files that developers commit without reviewing.
How do I set up a Claude Code API key securely?
Option 1: OAuth (recommended for personal use). Run /login inside Claude Code. This opens a browser-based authentication flow that generates a short-lived token. You do not manage a key directly. This is the simplest and most secure approach for individual developers.
Option 2: API key via environment variable. If you prefer a persistent key or need it for automation:
- Go to console.anthropic.com and navigate to API Keys.
- Click Create Key and give it a descriptive name (for example,
claude-code-dev-machine). - Set the environment variable in your shell profile: add
export ANTHROPIC_API_KEY=your_key_hereto~/.bashrc,~/.zshrc, or equivalent. Do not put the actual key in a.envfile that might be committed. - Run
/statusinside Claude Code to verify authentication is working.
Restrict the key. Use the project-scoping features in the Anthropic console to limit what the key can access. Create one key per machine or context rather than reusing the same key everywhere.
Set a monthly budget. Configure a spending limit in the Anthropic console. This limits the financial exposure if the key is misused before you notice.
Check configuration. Run /config inside Claude Code to review how your key and preferences are set. The apiKeyHelper setting lets you configure a script to retrieve credentials dynamically from a secrets manager — useful for production or team environments where you want the key injected at runtime rather than stored in a shell profile. For a guide to choosing and setting up a secrets manager, see How to Store API Keys Securely in AI Projects.
What are common mistakes to avoid?
- Storing the key in a
.envfile inside a project directory that might be committed - Using the same key for Claude Code and other applications or automation
- Not setting a spending limit on the key
- Forgetting to revoke keys from machines that are decommissioned or shared
What do I do if my Claude Code API key is exposed?
If you find your Anthropic API key in a public repository, MCP configuration file, or log, treat it as compromised immediately. Claude Code credentials are a common leak vector because they often live in configuration files that developers commit without reviewing.
- Revoke the key now. Go to console.anthropic.com, open API Keys, and delete the exposed key. Do not wait to investigate first — revoke first, then review.
- Check usage logs. Review your Anthropic usage dashboard for requests you did not make, particularly calls outside your normal working hours or using models you do not typically use.
- Review your billing. Check your Anthropic billing dashboard for unexpected charges. If you find unauthorized usage, contact Anthropic support with the relevant timestamps.
- Scrub your git history. If the key was in a committed file, deleting it is not enough — the key still exists in earlier commits. Use
git-filter-repoor BFG Repo-Cleaner to remove it from the full history, then force-push. Check.claude/directories specifically, as these are a common unintentional commit location. - Generate a new key. Create a fresh API key in the Anthropic console and set it as the
ANTHROPIC_API_KEYenvironment variable on your machine. - Add monitoring. AgentGuard360 monitors your Claude Code sessions and agent output for credential patterns — catching the next exposure before it reaches a public repository or configuration file.
