fix: require ANTHROPIC_API_KEY for Claude Code / Happy Coder auth #13

Closed

cpfarhood wants to merge 1 commits from fix/claude-code-auth into main

pull from: fix/claude-code-auth

merge into: farhoodlabs:main

farhoodlabs:main

farhoodlabs:gh-pages

farhoodlabs:fix/update-cpfarhood-to-farhoodliquor

farhoodlabs:fix/init-home-before-git-config

farhoodlabs:feat/helm-github-pages

farhoodlabs:feature/serverless-2.0.0

farhoodlabs:fix/schema-new-mcp-sidecars

farhoodlabs:fix/ci-race-condition

farhoodlabs:feature/add-fetch-sequential-thinking-mcp

farhoodlabs:feat/mcp-sidecars

farhoodlabs:fix/persist-config-to-pvc

farhoodlabs:docs/final-readme-pass

farhoodlabs:fix/antigravity-userdata-persistence

farhoodlabs:fix/antigravity-no-sandbox

farhoodlabs:feat/ide-choice

farhoodlabs:fix/happy-home-dir

farhoodlabs:feat/cluster-access-rbac

farhoodlabs:fix/happy-daemon-stale-lock

farhoodlabs:fix/happy-daemon-no-sudo

farhoodlabs:fix/happy-daemon-user

farhoodlabs:fix/chrome-in-docker

farhoodlabs:fix/install-claude-code

farhoodlabs:fix/app-user-shell

farhoodlabs:fix/happy-daemon-nonblocking

farhoodlabs:chore/rename-chart-cpfarhood

farhoodlabs:chore/renovate

farhoodlabs:feat/helm-oci-publish

farhoodlabs:fix/happy-daemon-start

Conversation 0 Commits 1 Files Changed 3

+25 -5

cpfarhood commented 2026-02-20 14:25:14 +00:00 (Migrated from github.com)

Copy Link

Copy Source

Summary

• Browser-based OAuth login for Claude Code does not work inside the VNC session — the OAuth redirect callback cannot route back into the container
• When ANTHROPIC_API_KEY is set in the environment, Claude Code skips browser auth and uses the key directly — this is the correct approach for containerized environments
• The envFrom: secretRef in the Deployment already passes all secret keys as env vars, so users just need to add ANTHROPIC_API_KEY to their existing Kubernetes secret

Changes

• init-repo.sh: print a clear warning at startup if ANTHROPIC_API_KEY is not set, explaining why Happy Coder won't work
• chart/values.yaml: document ANTHROPIC_API_KEY in the envSecretName comment so it's visible at deploy time
• VARIABLES.md: add full ANTHROPIC_API_KEY entry and update the kubectl create secret example to include it

To fix your existing deployment

Add ANTHROPIC_API_KEY to your Kubernetes secret:

kubectl patch secret <your-secret-name> -n <namespace> \
  --type='json' \
  -p='[{"op":"add","path":"/data/ANTHROPIC_API_KEY","value":"'$(echo -n "sk-ant-api03-..." | base64)'"}]'

Or recreate it:

kubectl create secret generic devcontainer-<name>-secrets-env \
  --from-literal=GITHUB_TOKEN='...' \
  --from-literal=VNC_PASSWORD='...' \
  --from-literal=ANTHROPIC_API_KEY='sk-ant-api03-...' \
  --dry-run=client -o yaml | kubeseal --format=yaml | kubectl apply -f -

Then restart the pod to pick up the new env var.

Test plan

• Add ANTHROPIC_API_KEY to the secret and restart the pod
• Check logs — warning should NOT appear
• Open Happy Coder — it should connect without prompting for browser login

🤖 Generated with Claude Code

## Summary - Browser-based OAuth login for Claude Code does not work inside the VNC session — the OAuth redirect callback cannot route back into the container - When `ANTHROPIC_API_KEY` is set in the environment, Claude Code skips browser auth and uses the key directly — this is the correct approach for containerized environments - The `envFrom: secretRef` in the Deployment already passes all secret keys as env vars, so users just need to add `ANTHROPIC_API_KEY` to their existing Kubernetes secret ## Changes - **`init-repo.sh`**: print a clear warning at startup if `ANTHROPIC_API_KEY` is not set, explaining why Happy Coder won't work - **`chart/values.yaml`**: document `ANTHROPIC_API_KEY` in the `envSecretName` comment so it's visible at deploy time - **`VARIABLES.md`**: add full `ANTHROPIC_API_KEY` entry and update the `kubectl create secret` example to include it ## To fix your existing deployment Add `ANTHROPIC_API_KEY` to your Kubernetes secret: ```bash kubectl patch secret <your-secret-name> -n <namespace> \ --type='json' \ -p='[{"op":"add","path":"/data/ANTHROPIC_API_KEY","value":"'$(echo -n "sk-ant-api03-..." | base64)'"}]' ``` Or recreate it: ```bash kubectl create secret generic devcontainer-<name>-secrets-env \ --from-literal=GITHUB_TOKEN='...' \ --from-literal=VNC_PASSWORD='...' \ --from-literal=ANTHROPIC_API_KEY='sk-ant-api03-...' \ --dry-run=client -o yaml | kubeseal --format=yaml | kubectl apply -f - ``` Then restart the pod to pick up the new env var. ## Test plan - [ ] Add `ANTHROPIC_API_KEY` to the secret and restart the pod - [ ] Check logs — warning should NOT appear - [ ] Open Happy Coder — it should connect without prompting for browser login 🤖 Generated with [Claude Code](https://claude.com/claude-code)

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

antigravity

architecture

automation

bug

Something isn't working

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

examples

good first issue

Good for newcomers

helm

help wanted

Extra attention is needed

invalid

This doesn't seem right

maintainability

monitoring

question

Further information is requested

refactor

tooling

user-experience

validation

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

fl_blake (Blake MIddleware) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) flux (Flux CD) admin (Gitea Admin) fl_hugh (Hugh Commit) renovate (Mend Renovate) fl_warren (Warren Bufferpool)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: farhoodlabs/devcontainer#13