You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+8Lines changed: 8 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -39,6 +39,14 @@ npx portkey mcp add
39
39
40
40
Config goes mainly into your shell profile and/or `.claude/` (the wizard explains each choice). Open a **new terminal** (or `source` your profile) after setup, then run `claude` as usual.
41
41
42
+
> **Shared / committed config (`PORTKEY_API_KEY`).** When you choose a git-tracked destination — `mcp add` → **Repo file (.mcp.json)** or `setup` → **Project (shared)** (`.claude/settings.json`) — the CLI **never** writes your key into the committed file. It writes the reference `"${PORTKEY_API_KEY}"` (Claude Code expands it from the environment at read time) and stores the real key in your shell profile. Each teammate just exports their own `PORTKEY_API_KEY`:
43
+
>
44
+
> ```bash
45
+
>export PORTKEY_API_KEY="pk-..."# add to ~/.zshrc, ~/.bashrc, or CI secrets
46
+
>```
47
+
>
48
+
> Config files the CLI creates itself (`~/.claude/settings.json`, `.mcp.json`) are written with owner-only `0600` permissions. Your **shell profile** (`~/.zshrc`, `~/.bashrc`, …) is left untouched — the CLI never changes its permissions — but it **warns**if that file is readable by other users while holding a secret, so you can `chmod 600` it yourself on shared machines.
0 commit comments