Is it supposed to just get access, just like that - and make changes to my .env, secrets, keys and so on?
Hey,
To stop the AI accessing a certain file, you can either add it to your .gitignore file, or you can make a .cursorignore file, which has the same effect but is not linked to Git.
While you can still bring the file in as context in the chat and composer if you have it open, or manually @ it, it won’t be indexed or “known” to an AI without being manually brought in.
Thanks for clarifying you can use the .cursorignore file.
However, I often have my .env file open, and cursor automatically adds the open file to the context. It would be nice if there were a check to not automatically add .env files to the context like that.
Cursor should ignore the file if it’s in your .gitignore file too!
However, some users do want Cursor to read their .env file so that Cursor Tab will autofill the environment variables, usually when they aren’t secrets like API keys or private URLs.