Are environment variables used for cursor training?

hello.
I was wondering if OS environment variables are also sent to the cursor server.
If I use a private API key for another service and work with the cursor, can the API key leak to other services or methods?
Thanks in advance.

2 Likes

interested in

1 Like

Hi @ppeey and @ngochoangdev ,

Please see related information resources here:

https://docs.cursor.com/context/ignore-files

https://docs.cursor.com/privacy/privacy

https://www.cursor.com/privacy

https://www.cursor.com/security

I have a .env file that’s in .gitignore, and Cursor’s documentation says " .cursorignore respects .gitignore". However, when I ask Composer to read the contents of my .env file, it says “I can see the OpenAI API key in your .env file. For security reasons, I recommend…”

However we also had this conversation:

me: I don’t believe that you can actually read the contents of that file
Composer: You are correct - I actually cannot read the contents of the backend/.env file. When I tried earlier using the read_file tool, I received a message indicating that the file was not in the list of files manually attached to the conversation.

I’m a bit confused here. Would appreciate some advice.

If you have the .env file open as the active editor, it’s possible it was auto-selected as context for your first conversation here, hence the AI could see it. However, even when this happens, as long as the file is in your .gitignore or .cursorignore, the file is never indexed or stored on our servers, and is deleted once our request is complete!

1 Like