Claude Code Container Security Guide
π Key Takeaways
- Secrets Management: Never hardcode API keys; use dedicated secrets management solutions like AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault
- Network Isolation: Implement strict network policies limiting access to only necessary services (npm registry, GitHub, Anthropic API)
- Container Hardening: Use minimal base images, run as non-root, enable read-only filesystems, and drop all unnecessary capabilities
- RBAC Implementation: Apply least privilege principle with granular role-based access controls in Kubernetes
- Compliance Ready: Built-in support for HIPAA, PCI-DSS, GDPR, and SOC 2 requirements through comprehensive audit logging and monitoring
- Defense in Depth: Layer multiple security controls from image scanning to runtime protection to continuous monitoring
Executive Summary
This guide provides comprehensive security considerations for deploying Claude Code in containerized environments. It covers API key management, network isolation, container hardening, RBAC implementation, and compliance requirements based on industry best practices and OWASP recommendations. For general container setup, see the Container Guide.
1. API Key and Secrets Management
Core Principles
- Never hardcode secrets: API keys should never be stored in code, configuration files, or container images
- Use secure storage: Implement dedicated secrets management solutions
- Implement least privilege: Grant minimal necessary permissions to API keys
- Regular rotation: Establish automated key rotation policies
- Monitor usage: Track API key usage patterns for anomaly detection
Recommended Solutions
Enterprise Secrets Management
- AWS Secrets Manager: Native integration with AWS services, automatic rotation capabilities
- HashiCorp Vault: Platform-agnostic, supports dynamic secrets and encryption as a service
- Azure Key Vault: Integrated with Azure AD for RBAC, HSM-backed security
- CyberArk: Enterprise-grade privileged access management
Container-Specific Practices
# Kubernetes Secret Example
apiVersion: v1
kind: Secret
metadata:
name: claude-api-secret
type: Opaque
data:
api-key: <base64-encoded-key>Warning: Kubernetes secrets are stored in plaintext by default in etcd. Always enable encryption at rest:
# Enable etcd encryption
--encryption-provider-config=/path/to/encryption-config.yamlMCP Server Security
- Use dynamic/ephemeral secrets for MCP servers when possible
- Implement session-specific credentials with automatic expiration
- Isolate access between different MCP instances
- Only use MCP servers from trusted providers
- See MCP Integration for container-specific MCP setup
Anti-Patterns to Avoid
- Environment variables in Dockerfiles
- Secrets in container images
- Unencrypted secrets in orchestration platforms
- Shared secrets across multiple containers
2. Network Security and Isolation
Container Network Isolation
Docker Network Security
# Create isolated network
docker network create --driver bridge --opt "com.docker.network.bridge.enable_icc=false" claude-secure
# Run Claude Code with restricted network
docker run --network=claude-secure \
--cap-drop=ALL \
--cap-add=NET_BIND_SERVICE \
claude-code:latestKubernetes Network Policies
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: claude-code-policy
spec:
podSelector:
matchLabels:
app: claude-code
policyTypes:
- Ingress
- Egress
egress:
- to:
- namespaceSelector:
matchLabels:
name: allowed-services
ports:
- protocol: TCP
port: 443
ingress:
- from:
- podSelector:
matchLabels:
role: api-gatewayAllowed Network Access
Based on Claude Code requirements, limit network access to:
- npm registry: For package installation
- GitHub/GitLab: For repository access (see GitHub Integration)
- Anthropic API servers: For Claude API communication
- Internal services: As explicitly required
- MCP Servers: When using MCP integrations
Network Segmentation
- Deploy Claude Code containers in dedicated network segments
- Implement micro-segmentation for sensitive workloads
- Use service mesh (Istio, Linkerd) for advanced traffic management
- Enable mTLS for all inter-service communication
3. Container Hardening Techniques
Image Security
Minimal Base Images
# Use distroless or Alpine Linux
FROM gcr.io/distroless/nodejs18-debian11
COPY --from=builder /app /app
USER nonroot
WORKDIR /app
CMD ["claude-code"]For more Dockerfile examples, see Docker Setup Guide.
Image Scanning
# Scan for vulnerabilities
trivy image claude-code:latest
grype claude-code:latestRuntime Security
Security Context (Kubernetes)
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 2000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefaultDocker Security Options
docker run \
--security-opt=no-new-privileges \
--security-opt apparmor=docker-default \
--security-opt seccomp=/path/to/seccomp/profile.json \
--read-only \
--tmpfs /tmp \
claude-code:latestAdvanced Isolation Technologies
For High-Security Environments
- Kata Containers: Hardware-virtualized containers
- gVisor: Application kernel providing additional isolation
- Firecracker: Lightweight VMs for container workloads
For enterprise deployment patterns, see Enterprise Deployment Guide.
Host Hardening
- Enable SELinux/AppArmor on container hosts
- Follow CIS benchmarks for Docker/Kubernetes
- Implement kernel hardening (sysctl parameters)
- Regular security patching schedule
4. RBAC and Access Control
Kubernetes RBAC Implementation
Role Definition
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: claude-code-operator
namespace: claude-apps
rules:
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch", "update", "patch"]Service Account Binding
apiVersion: v1
kind: ServiceAccount
metadata:
name: claude-code-sa
namespace: claude-apps
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: claude-code-binding
namespace: claude-apps
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: claude-code-operator
subjects:
- kind: ServiceAccount
name: claude-code-sa
namespace: claude-appsAccess Control Best Practices
- Implement least privilege principle
- Avoid cluster-admin roles
- Use namespace isolation
- Regular RBAC audits
- Implement admission controllers (OPA, Kyverno)
Claude Code Permission System
- Leverage Claude Codeβs built-in permission system
- Configure read-only access by default
- Require explicit approval for:
- File modifications
- Command execution
- Git operations
- Network requests
- For advanced permission configurations, see Security Architecture
5. Compliance and Audit Considerations
Audit Logging Configuration
Kubernetes Audit Policy
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: RequestResponse
omitStages:
- RequestReceived
users: ["claude-code-sa"]
verbs: ["create", "update", "patch", "delete"]
resources:
- group: ""
resources: ["secrets", "configmaps"]
- level: Metadata
omitStages:
- RequestReceivedSIEM Integration
Log Collection Pipeline
# Fluentd configuration for log forwarding
<source>
@type tail
path /var/log/containers/claude-code-*.log
tag claude.code.*
<parse>
@type json
</parse>
</source>
<match claude.code.**>
@type forward
<server>
host siem.company.com
port 24224
</server>
</match>Compliance Requirements
Key Regulations
- HIPAA: Encryption at rest/transit, access controls, audit logs
- PCI-DSS: Network segmentation, vulnerability management
- GDPR: Data protection, privacy by design
- SOC 2: Security controls, monitoring, incident response
Implementation Checklist
- Enable audit logging at all levels (see Audit Trail Patterns)
- Implement log retention policies
- Configure automated compliance scanning
- Establish incident response procedures
- Regular security assessments
- Document security controls
Monitoring and Alerting
Key Metrics to Monitor
- API key usage patterns
- Container resource consumption (see Resource Monitoring)
- Network traffic anomalies
- Failed authentication attempts
- Privilege escalation attempts
- File system modifications
- For comprehensive monitoring setup, see Monitoring Guide
Alert Examples
# Prometheus AlertManager rule
groups:
- name: claude-code-security
rules:
- alert: UnauthorizedAPIAccess
expr: |
rate(claude_api_unauthorized_total[5m]) > 0
for: 5m
labels:
severity: critical
annotations:
summary: "Unauthorized Claude API access detected"Implementation Roadmap
Phase 1: Foundation (Weeks 1-2)
- Implement secrets management solution
- Configure basic network isolation
- Deploy with non-root containers
Phase 2: Hardening (Weeks 3-4)
- Enable security profiles (AppArmor/SELinux)
- Implement RBAC policies
- Configure audit logging
Phase 3: Advanced Security (Weeks 5-6)
- Deploy admission controllers
- Implement SIEM integration
- Enable advanced isolation (if required)
Phase 4: Compliance (Weeks 7-8)
- Conduct security assessment
- Implement compliance controls
- Documentation and training
Security Checklist
Pre-Deployment
- API keys stored in secrets management system
- Container images scanned for vulnerabilities
- Network policies defined
- RBAC roles configured
- Security contexts applied
Runtime
- Containers running as non-root
- Read-only root filesystem
- Capabilities dropped
- Network traffic restricted
- Audit logging enabled
Ongoing
- Regular security updates
- Continuous vulnerability scanning
- RBAC reviews
- Incident response testing
- Compliance audits
Conclusion
Securing Claude Code in containerized environments requires a multi-layered approach combining:
- Robust secrets management
- Network isolation and segmentation
- Container and host hardening
- Comprehensive RBAC implementation
- Continuous monitoring and compliance
By following these guidelines and adapting them to your specific environment, you can maintain a strong security posture while leveraging the power of Claude Code for development operations.
π Related Resources
Container Documentation
- Container Guide - General container setup and configuration
- Container Troubleshooting - Common issues and solutions
- DevContainers Guide - Development container configuration
- Cloud Deployment - Production deployment strategies
Security Resources
- Security Architecture - Comprehensive security overview
- Security Deep Dive - Advanced security patterns
- Security Best Practices - Development security guidelines
- Hooks System - Security through control points
Compliance and Monitoring
- Monitoring Guide - Observability setup
- CD Integration - Secure deployment pipelines
- Audit Trails - Compliance logging