I keep them in env variables rather than files. Not 100% secure - technically Claude Code could still run printenv - but it's never tried. The main thing is it won't stumble into them while reading config files or grepping around.

A process does not need to run printenv to see environment variables, they are literally part of the environment it runs in.

The LLM doesn't have direct access to the process env unless the harness forwards it (and it doesn't)

chown other_user; chmod 000; sudo -k