hello.
I was wondering if OS environment variables are also sent to the cursor server.
If I use a private API key for another service and work with the cursor, can the API key leak to other services or methods?
Thanks in advance.
interested in
Hi @ppeey and @ngochoangdev ,
Please see related information resources here:
https://docs.cursor.com/context/ignore-files
https://docs.cursor.com/privacy/privacy
I have a .env file that’s in .gitignore, and Cursor’s documentation says " .cursorignore
respects .gitignore
". However, when I ask Composer to read the contents of my .env file, it says “I can see the OpenAI API key in your .env file. For security reasons, I recommend…”
However we also had this conversation:
me: I don’t believe that you can actually read the contents of that file
Composer: You are correct - I actually cannot read the contents of the backend/.env file. When I tried earlier using the read_file tool, I received a message indicating that the file was not in the list of files manually attached to the conversation.
I’m a bit confused here. Would appreciate some advice.
If you have the .env file open as the active editor, it’s possible it was auto-selected as context for your first conversation here, hence the AI could see it. However, even when this happens, as long as the file is in your .gitignore
or .cursorignore
, the file is never indexed or stored on our servers, and is deleted once our request is complete!