Skip to main content
This guide explains Claude Code’s configuration and environment management: where settings live, how project and personal settings differ, how to protect secrets, how to use the CLAUDE.md memory file to give the assistant project context, and how to use the claude CLI for quick configuration checks and edits. Follow the examples to secure sensitive data and make team-wide settings consistent.

Quick overview: settings types and typical uses

Settings TypeScopeTypical Path(s)Use Case
User-levelSingle user / machinemacOS/Linux: ~/.claude/settings.json
Windows: C:\Users\<YourUser>\AppData\Roaming\ClaudeCode\settings.json		Personal preferences (editor, telemetry opt-in, UI flags). Not usually checked into source control.
Project-levelRepository-scoped<repo>/.cloud/settings.json or <repo>/.claude/settings.jsonTeam-shared rules, tool permissions, environment overrides. Committed to repo.
Local (untracked)Developer override<repo>/settings.local.json (gitignored)Personal experiments, local tokens, per-developer preferences.
Managed / EnterpriseOrganization-managedmacOS: /Library/Application Support/ClaudeCode/managed-settings.json
Linux/WSL: /etc/claude-code/managed-settings.json
Windows: C:\ProgramData\ClaudeCode\managed-settings.json		Centrally enforced policies for telemetry, tool access, denied paths.

User-level settings

User preferences are kept in a user settings file. Examples: macOS / Linux: 
~/.claude/settings.json
Windows (roaming profile): 
C:\Users\<YourUser>\AppData\Roaming\ClaudeCode\settings.json
A minimal example: 
{
  "$schema": "https://json.schemastore.org/claude-code-settings.json",
  "feedbackSurveyState": {
    "lastShownTime": 1754343213656
  }
}
Edit this file with your preferred editor. If code (VS Code CLI) isn’t installed on macOS you may see: 
jeremy@MACSTUDIO KodeKloud-METAR-Reader % code ~/.claude/settings.json
zsh: command not found: code

# fallback
jeremy@MACSTUDIO KodeKloud-METAR-Reader % vim ~/.claude/settings.json
User settings are intended for machine-specific personal preferences and are normally not checked into source control.

Project-level settings (checked into source control)

To share configuration across the team, add a .cloud or .claude folder at the repository root and place a settings.json there. These project-scoped settings are typically committed to the repo so teammates receive the same permissions and environment overrides. Example project settings.json: 
{
  "permissions": {
    "allow": [
      "Bash(npm run lint)",
      "Bash(npm run test:*)",
      "Read(~/.zshrc)"
    ],
    "deny": [
      "Bash(curl:*)",
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)"
    ],
    "defaultMode": "acceptEdits",
    "additionalDirectories": ["../some-other-project"]
  },
  "env": {
    "CLAUDE_CODE_ENABLE_TELEMETRY": "1",
    "OTEL_EXPORTER_OTLP_METRICS_PROTOCOL": "grpc"
  }
}
Key fields and what they control:
FieldPurpose
permissions.allowControls which automatic/invoked tools or file reads the assistant can perform.
permissions.denyBlocks access to sensitive files, folders and commands.
defaultModeControls edit behavior (for example, acceptEdits).
additionalDirectoriesGrants the assistant access to sibling repos or extra project paths.
envEnvironment variables to set when running tools or the assistant in the project context.
For a full list of supported options, see the official docs: https://docs.anthropic.com/en/docs (search for Claude Code settings).

Local, untracked project preferences

Use settings.local.json at the project root for developer-specific overrides that must not be committed. Claude Code will add this file to .gitignore when it detects it. Example settings.local.json: 
{
  "cleanupAfterCountdown": 7
}
This is ideal for per-developer experiments, local tokens, or temporary flags.

Enterprise / Managed settings

For centralized administration in larger organizations, put managed-settings.json in system-wide locations: 
macOS: /Library/Application Support/ClaudeCode/managed-settings.json
Linux/WSL: /etc/claude-code/managed-settings.json
Windows: C:\ProgramData\ClaudeCode\managed-settings.json
Managed settings are enforced system-wide and are suitable to block tools, set required telemetry defaults, and enforce deny lists.

Important: protecting secrets

A core security practice is using the permissions block to prevent the assistant from reading secrets and environment files. Example deny rules: 
{
  "permissions": {
    "deny": [
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)"
    ],
    "allow": []
  }
}
Deny patterns are powerful. Use them to explicitly block access to environment files, a secrets directory, or other sensitive build output.
When composing deny rules:
  • Prefer explicit deny patterns for any credential or token files.
  • Deny recursive folders (e.g., secrets/**) to block subdirectories.
  • Keep project-level deny rules in the committed settings.json to ensure the whole team is protected.

The memory file: CLAUDE.md

CLAUDE.md is a project-scoped memory file that is loaded at assistant startup to provide context: setup steps, common commands, dependencies, and the project layout. This helps the assistant provide accurate, context-aware suggestions. Example CLI output when Claude Code generates CLAUDE.md: 
# Example created by Claude Code
Wrote 49 lines to CLAUDE.md
Example CLAUDE.md contents for a Python Flask METAR reader: 
This is a Flask web application that decodes METAR aviation weather reports.

## Development Commands

### Environment Setup
```bash
python -m venv venv
source venv/bin/activate    # On Windows: venv\Scripts\activate
pip install -r requirements.txt
```text

### Running the Application
```bash
python app.py
```text

### Testing
```bash
pytest test_app.py -v
```text

### Code Quality
```bash
# Install development dependencies
pip install flake8 black mypy

# Linting
flake8 app.py test_app.py

# Code formatting
black app.py test_app.py
```text

## Dependencies
- requests==2.31.0
- pytest==7.4.3

## Project Structure
`app.py` - Main Flask application with METAR decoder  
`test_app.py` - Unit tests  
`templates/` - HTML templates  
`static/` - CSS and static assets  
`requirements.txt` - Python dependencies
Keep CLAUDE.md concise and focused on the commands and structure the assistant needs to bootstrap tasks quickly. Include setup commands, test commands, and any environment quirks.
When present, CLAUDE.md is loaded automatically at startup to prime the model with project-specific context.

CLI: viewing & setting configuration

Claude Code offers a CLI for inspecting and changing settings quickly. Common commands:
  • List all config:
claude config list
Example output (minimal): 
{
  "allowedTools": [],
  "hasTrustDialogAccepted": true
}
  • Get a config key:
claude config get <key>
  • Set a config key (local to the repository):
claude config set <key> <value>
  • Set a config key globally (machine-wide):
claude config set -g autoUpdates true
Troubleshooting example: OpenTelemetry environment variable errors may appear if env variables in settings are incorrect: 
Error: Unknown protocol set in OTEL_EXPORTER_OTLP_METRICS_PROTOCOL or OTEL_EXPORTER_OTLP_PROTOCOL env var: undefined
If you see this, check env in your user, project, or managed settings and verify valid values (for example grpc, http/protobuf) per your OpenTelemetry exporter. See OpenTelemetry docs: https://opentelemetry.io/docs/.

Preferences & UX features

Claude Code supports several toggles and UX options that can be set via UI or the CLI:
  • Auto-compact
  • Use todo list (true/false)
  • Checkpointing (recommended)
  • Verbose output
  • Auto-updates
  • Theme (dark/light)
  • Editor mode
  • Model selection
  • Diff tool
  • Auto-install IDE extension
Checkpointing creates automatic rollback points when the assistant makes edits you want to revert. Consider enabling it for critical repositories.

Summary — Best practices for secure, consistent configuration

  • Use the user-level ~/.claude/settings.json for machine-specific preferences.
  • Commit project-wide settings to .cloud or .claude/settings.json so team members share rules and denies.
  • Keep settings.local.json for per-developer untracked overrides and local experiments.
  • Apply managed-settings.json in enterprise environments to centrally enforce policies.
  • Deny reading of .env, secrets/, build output, and other sensitive paths in permissions.deny.
  • Create and maintain a concise CLAUDE.md memory file with setup commands and the project structure to prime the assistant.
  • Use the claude config CLI to inspect and update settings; correct OpenTelemetry environment variables if you receive OTEL-related errors.
These practices will help you manage Claude Code configuration safely and consistently across machines, projects, and organizations.

Watch Video

Practice Lab