Claude Code Container Security Guide

πŸ”‘ Key Takeaways

  • Secrets Management: Never hardcode API keys; use dedicated secrets management solutions like AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault
  • Network Isolation: Implement strict network policies limiting access to only necessary services (npm registry, GitHub, Anthropic API)
  • Container Hardening: Use minimal base images, run as non-root, enable read-only filesystems, and drop all unnecessary capabilities
  • RBAC Implementation: Apply least privilege principle with granular role-based access controls in Kubernetes
  • Compliance Ready: Built-in support for HIPAA, PCI-DSS, GDPR, and SOC 2 requirements through comprehensive audit logging and monitoring
  • Defense in Depth: Layer multiple security controls from image scanning to runtime protection to continuous monitoring

Executive Summary

This guide provides comprehensive security considerations for deploying Claude Code in containerized environments. It covers API key management, network isolation, container hardening, RBAC implementation, and compliance requirements based on industry best practices and OWASP recommendations. For general container setup, see the Container Guide.

1. API Key and Secrets Management

Core Principles

  • Never hardcode secrets: API keys should never be stored in code, configuration files, or container images
  • Use secure storage: Implement dedicated secrets management solutions
  • Implement least privilege: Grant minimal necessary permissions to API keys
  • Regular rotation: Establish automated key rotation policies
  • Monitor usage: Track API key usage patterns for anomaly detection

Enterprise Secrets Management

  • AWS Secrets Manager: Native integration with AWS services, automatic rotation capabilities
  • HashiCorp Vault: Platform-agnostic, supports dynamic secrets and encryption as a service
  • Azure Key Vault: Integrated with Azure AD for RBAC, HSM-backed security
  • CyberArk: Enterprise-grade privileged access management

Container-Specific Practices

# Kubernetes Secret Example
apiVersion: v1
kind: Secret
metadata:
  name: claude-api-secret
type: Opaque
data:
  api-key: <base64-encoded-key>

Warning: Kubernetes secrets are stored in plaintext by default in etcd. Always enable encryption at rest:

# Enable etcd encryption
--encryption-provider-config=/path/to/encryption-config.yaml

MCP Server Security

  • Use dynamic/ephemeral secrets for MCP servers when possible
  • Implement session-specific credentials with automatic expiration
  • Isolate access between different MCP instances
  • Only use MCP servers from trusted providers
  • See MCP Integration for container-specific MCP setup

Anti-Patterns to Avoid

  • Environment variables in Dockerfiles
  • Secrets in container images
  • Unencrypted secrets in orchestration platforms
  • Shared secrets across multiple containers

2. Network Security and Isolation

Container Network Isolation

Docker Network Security

# Create isolated network
docker network create --driver bridge --opt "com.docker.network.bridge.enable_icc=false" claude-secure
 
# Run Claude Code with restricted network
docker run --network=claude-secure \
  --cap-drop=ALL \
  --cap-add=NET_BIND_SERVICE \
  claude-code:latest

Kubernetes Network Policies

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: claude-code-policy
spec:
  podSelector:
    matchLabels:
      app: claude-code
  policyTypes:
  - Ingress
  - Egress
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          name: allowed-services
    ports:
    - protocol: TCP
      port: 443
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: api-gateway

Allowed Network Access

Based on Claude Code requirements, limit network access to:

  • npm registry: For package installation
  • GitHub/GitLab: For repository access (see GitHub Integration)
  • Anthropic API servers: For Claude API communication
  • Internal services: As explicitly required
  • MCP Servers: When using MCP integrations

Network Segmentation

  • Deploy Claude Code containers in dedicated network segments
  • Implement micro-segmentation for sensitive workloads
  • Use service mesh (Istio, Linkerd) for advanced traffic management
  • Enable mTLS for all inter-service communication

3. Container Hardening Techniques

Image Security

Minimal Base Images

# Use distroless or Alpine Linux
FROM gcr.io/distroless/nodejs18-debian11
COPY --from=builder /app /app
USER nonroot
WORKDIR /app
CMD ["claude-code"]

For more Dockerfile examples, see Docker Setup Guide.

Image Scanning

# Scan for vulnerabilities
trivy image claude-code:latest
grype claude-code:latest

Runtime Security

Security Context (Kubernetes)

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 2000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  seccompProfile:
    type: RuntimeDefault

Docker Security Options

docker run \
  --security-opt=no-new-privileges \
  --security-opt apparmor=docker-default \
  --security-opt seccomp=/path/to/seccomp/profile.json \
  --read-only \
  --tmpfs /tmp \
  claude-code:latest

Advanced Isolation Technologies

For High-Security Environments

  1. Kata Containers: Hardware-virtualized containers
  2. gVisor: Application kernel providing additional isolation
  3. Firecracker: Lightweight VMs for container workloads

For enterprise deployment patterns, see Enterprise Deployment Guide.

Host Hardening

  • Enable SELinux/AppArmor on container hosts
  • Follow CIS benchmarks for Docker/Kubernetes
  • Implement kernel hardening (sysctl parameters)
  • Regular security patching schedule

4. RBAC and Access Control

Kubernetes RBAC Implementation

Role Definition

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: claude-code-operator
  namespace: claude-apps
rules:
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "update", "patch"]

Service Account Binding

apiVersion: v1
kind: ServiceAccount
metadata:
  name: claude-code-sa
  namespace: claude-apps
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: claude-code-binding
  namespace: claude-apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: claude-code-operator
subjects:
- kind: ServiceAccount
  name: claude-code-sa
  namespace: claude-apps

Access Control Best Practices

  • Implement least privilege principle
  • Avoid cluster-admin roles
  • Use namespace isolation
  • Regular RBAC audits
  • Implement admission controllers (OPA, Kyverno)

Claude Code Permission System

  • Leverage Claude Code’s built-in permission system
  • Configure read-only access by default
  • Require explicit approval for:
    • File modifications
    • Command execution
    • Git operations
    • Network requests
  • For advanced permission configurations, see Security Architecture

5. Compliance and Audit Considerations

Audit Logging Configuration

Kubernetes Audit Policy

apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: RequestResponse
  omitStages:
  - RequestReceived
  users: ["claude-code-sa"]
  verbs: ["create", "update", "patch", "delete"]
  resources:
  - group: ""
    resources: ["secrets", "configmaps"]
- level: Metadata
  omitStages:
  - RequestReceived

SIEM Integration

Log Collection Pipeline

# Fluentd configuration for log forwarding
<source>
  @type tail
  path /var/log/containers/claude-code-*.log
  tag claude.code.*
  <parse>
    @type json
  </parse>
</source>
 
<match claude.code.**>
  @type forward
  <server>
    host siem.company.com
    port 24224
  </server>
</match>

Compliance Requirements

Key Regulations

  • HIPAA: Encryption at rest/transit, access controls, audit logs
  • PCI-DSS: Network segmentation, vulnerability management
  • GDPR: Data protection, privacy by design
  • SOC 2: Security controls, monitoring, incident response

Implementation Checklist

  • Enable audit logging at all levels (see Audit Trail Patterns)
  • Implement log retention policies
  • Configure automated compliance scanning
  • Establish incident response procedures
  • Regular security assessments
  • Document security controls

Monitoring and Alerting

Key Metrics to Monitor

  • API key usage patterns
  • Container resource consumption (see Resource Monitoring)
  • Network traffic anomalies
  • Failed authentication attempts
  • Privilege escalation attempts
  • File system modifications
  • For comprehensive monitoring setup, see Monitoring Guide

Alert Examples

# Prometheus AlertManager rule
groups:
- name: claude-code-security
  rules:
  - alert: UnauthorizedAPIAccess
    expr: |
      rate(claude_api_unauthorized_total[5m]) > 0
    for: 5m
    labels:
      severity: critical
    annotations:
      summary: "Unauthorized Claude API access detected"

Implementation Roadmap

Phase 1: Foundation (Weeks 1-2)

  • Implement secrets management solution
  • Configure basic network isolation
  • Deploy with non-root containers

Phase 2: Hardening (Weeks 3-4)

  • Enable security profiles (AppArmor/SELinux)
  • Implement RBAC policies
  • Configure audit logging

Phase 3: Advanced Security (Weeks 5-6)

  • Deploy admission controllers
  • Implement SIEM integration
  • Enable advanced isolation (if required)

Phase 4: Compliance (Weeks 7-8)

  • Conduct security assessment
  • Implement compliance controls
  • Documentation and training

Security Checklist

Pre-Deployment

  • API keys stored in secrets management system
  • Container images scanned for vulnerabilities
  • Network policies defined
  • RBAC roles configured
  • Security contexts applied

Runtime

  • Containers running as non-root
  • Read-only root filesystem
  • Capabilities dropped
  • Network traffic restricted
  • Audit logging enabled

Ongoing

  • Regular security updates
  • Continuous vulnerability scanning
  • RBAC reviews
  • Incident response testing
  • Compliance audits

Conclusion

Securing Claude Code in containerized environments requires a multi-layered approach combining:

  • Robust secrets management
  • Network isolation and segmentation
  • Container and host hardening
  • Comprehensive RBAC implementation
  • Continuous monitoring and compliance

By following these guidelines and adapting them to your specific environment, you can maintain a strong security posture while leveraging the power of Claude Code for development operations.

Container Documentation

Security Resources

Compliance and Monitoring

External Resources