Composer access to .env.local

Is it supposed to just get access, just like that - and make changes to my .env, secrets, keys and so on?

Hey,

To stop the AI accessing a certain file, you can either add it to your .gitignore file, or you can make a .cursorignore file, which has the same effect but is not linked to Git.

While you can still bring the file in as context in the chat and composer if you have it open, or manually @ it, it won’t be indexed or “known” to an AI without being manually brought in.

Thanks for clarifying you can use the .cursorignore file.
However, I often have my .env file open, and Cursor automatically adds the open file to the context. It would be nice if there were a check to not automatically add .env files to the context like that.

1 Like

Cursor should ignore the file if it’s in your .gitignore file too!

However, some users do want Cursor to read their .env file so that Cursor Tab will autofill the environment variables, usually when they aren’t secrets like API keys or private URLs.

I’d love for Cursor to secure .env files by default by:

  • Ignoring them completely (no AI suggestions).
  • Never adding them to context, even if open in a tab.
  • Blocking them from being added to chat by default.

While .cursorrules and .gitignore help, some users may forget or overlook security risks. A convention-over-configuration approach would greatly enhance safety.

Thanks for considering this!

There are many cases where having a local development .env in context is not harmful and actually benefits as the AI can see if things are misconfigured there or how settings apply to the code as it would change behaviors.

You can create a separate .env.development or .env.local besides .env to put secrets there and set that extra file into cursor ignore setting.

@danperks Cursor does not ignore the .env file if it's in .gitignore. I have tested this. Composer Agent has read the .env file, which is in .gitignore to avoid committing development config; it even tried editing the file, which I don't mind.

Neither of these worked for me.

Additionally specifying ‘default: no context’ to be sure that I can’t accidentally leak my keys doesn’t change the UI, so it still shows the open file, which leads to Claude giving the impression it’s seen your code, when it hasn’t.

Sure, but I’d say the majority of .envs do have private keys in them, so it should probably default to not readable.

Also, not sure if it’s changed in the last 6 months, but last time I tried to get Cursor to ignore a file it definitely did not.

1 Like

The new docs address this as follows:

  • While a ‘.cursorignore’ file can prevent files from being indexed, those files may still be included in AI requests, such as if you recently viewed a file and then ask a question in the chat. We are considering adding a ‘.cursorban’ file to address the use case of wanting to block files from being sent up in any request — please make a forum post or reach out at [email protected] if this is a feature that would be interesting to you.

https://www.cursor.com/security#codebase-indexing

So this would mean a .cursorban file must be implemented. Do others agree?

2 Likes
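
The advice in this thread (list secret-bearing env files in `.cursorignore`, or move secrets into a separate `.env.local` and ignore that) can be checked with a small audit script. This is an added example, not code from the thread or from Cursor; it assumes `.cursorignore` uses gitignore-style patterns and implements only a simplified subset of them, and the key-name heuristic and demo files are constructed. Per the docs quoted above, a file reported as ignored is only kept out of indexing and may still be sent if it is open or recently viewed.

```python
import fnmatch, re, sys, tempfile
from pathlib import Path
# Heuristic for key names that usually hold credentials (constructed; extend as needed).
SECRET_KEY = re.compile(r"SECRET|TOKEN|PASSWORD|PRIVATE|API_?KEY|CREDENTIAL", re.I)

def load_patterns(ignore_file):
    """Non-empty, non-comment lines of an ignore file; empty list if it is missing."""
    text = ignore_file.read_text() if ignore_file.is_file() else ""
    return [s for s in map(str.strip, text.splitlines()) if s and not s.startswith("#")]

def is_ignored(rel_path, patterns):
    """Simplified gitignore-style match (no 'dir/' or '**'): last match wins, '!' negates."""
    ignored = False
    for pat in patterns:
        negate, pat = pat.startswith("!"), pat.lstrip("!")
        # A pattern containing '/' is matched against the path, otherwise the basename.
        target = rel_path if "/" in pat else rel_path.rsplit("/", 1)[-1]
        if fnmatch.fnmatchcase(target, pat.lstrip("/")):
            ignored = not negate
    return ignored

def secret_keys(env_file):
    """Names (never values) of non-empty variables whose key looks like a credential."""
    keys = []
    for line in env_file.read_text(errors="replace").splitlines():
        key, sep, value = line.strip().removeprefix("export ").partition("=")
        if sep and not key.startswith("#") and value.strip("'\" ") and SECRET_KEY.search(key):
            keys.append(key.strip())
    return keys

def audit(root):
    """One finding per .env* file under root: path, .cursorignore coverage, secret key names."""
    patterns = load_patterns(root / ".cursorignore")
    files = sorted(p for p in root.rglob(".env*") if p.is_file())
    return [{"file": (rel := p.relative_to(root).as_posix()),
             "ignored": is_ignored(rel, patterns), "secret_keys": secret_keys(p)} for p in files]

def demo():
    """Audit a constructed project layout in a temp directory (all values are fake)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".cursorignore").write_text("# keep secrets out of the index\n.env.local\n")
        (root / ".env").write_text("APP_PORT=3000\nPAYMENT_SECRET_KEY=constructed-value\n")
        (root / ".env.local").write_text("export DB_PASSWORD='constructed'\nDEBUG=1\n")
        return audit(root)

if __name__ == "__main__":
    for f in (audit(Path(sys.argv[1])) if len(sys.argv) > 1 else demo()):
        print("EXPOSED" if f["secret_keys"] and not f["ignored"] else "ok", f)
```

Run it with a project directory as the only argument; with no argument it audits the constructed demo layout, where `.env` is flagged because it holds a secret-looking key and is not covered by `.cursorignore`.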