From 6cc1310df5edce82e3d80fab2b711096a615798a Mon Sep 17 00:00:00 2001
From: Hikari <hikari@nhcarrigan.com>
Date: Thu, 19 Mar 2026 14:05:33 -0700
Subject: [PATCH] security: remove hardcoded R2 credentials from committed
 CLAUDE.md

---
 CLAUDE.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CLAUDE.md b/CLAUDE.md
index a877cf3..8aef5f5 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -14,7 +14,7 @@ Game art is generated via the Gemini API (`gemini-3-pro-image-preview`, ~$0.134/
 ### Process
 1. Generate images with `curl` to `https://generativelanguage.googleapis.com/v1beta/models/gemini-3-pro-image-preview:generateContent?key=<API_KEY>`, requesting soft-shaded anime style
 2. Save responses to `/home/naomi/code/naomi/elysium/img/<category>/<id>.jpg`
-3. Upload to R2 with: `AWS_ACCESS_KEY_ID=dd0a3d73969143ada84d50f8940cc5e2 AWS_SECRET_ACCESS_KEY=f73e9907da1b2297e93e17f786d6446d33d4ac60e185879578a0d5020899b18e aws s3 sync img/ s3://nhcarrigan-cdn/elysium/ --endpoint-url https://751c386661d378cc032093493cfb0869.r2.cloudflarestorage.com`
+3. Upload to R2 with the AWS CLI — credentials are in the global `~/.claude/CLAUDE.md` (never commit them here)
 4. Delete the local `img/` directory before committing (images live on CDN only)
 
 ### CDN URL Helper