Is it supposed to just get access, just like that - and make changes to my .env, secrets, keys and so on?
Hey,
To stop the AI accessing a certain file, you can either add it to your .gitignore file, or you can make a .cursorignore file, which has the same effect but is not linked to Git.
While you can still bring the file in as context in the chat and composer if you have it open, or manually @ it, it won't be indexed or 'known' to an AI without being manually brought in.
Thanks for clarifying you can use the .cursorignore file.
However, I often have my .env file open, and Cursor automatically adds the open file to the context. It would be nice if there were a check to not automatically add .env files to the context like that.
Cursor should ignore the file if it's in your .gitignore file too!
However, some users do want Cursor to read their .env file so that Cursor Tab will autofill the environment variables, usually when they aren't secrets like API keys or private URLs.
I'd love for Cursor to secure .env files by default by:
- Ignoring them completely (no AI suggestions).
- Never adding them to context, even if open in a tab.
- Blocking them from being added to chat by default.
While .cursorrules and .gitignore help, some users may forget or overlook security risks. A convention-over-configuration approach would greatly enhance safety.
Thanks for considering this!
There are many cases where having a local development .env in context is not harmful and actually beneficial, as the AI can see if things are misconfigured there or how settings apply to the code, as they would change behaviors.
You can create a separate .env.development or .env.local beside .env to put secrets there, and set that extra file in the Cursor ignore setting.
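The two suggestions above (a .cursorignore that works like .gitignore, and moving secrets into a separate .env.local that is then ignored) are easy to get wrong by omission. The following script is an added example, not code from the thread or from Cursor: it parses an ignore file with a simplified subset of gitignore semantics (comments, basename patterns, anchored patterns, `dir/` patterns and `!` negation, last match wins) and reports which secret-looking files in a project listing are not covered. The sample ignore content and file list are constructed for the example; `SENSITIVE_GLOBS` is an assumed list you would tune for your own repo. It only checks the ignore configuration, which, as later posts in this thread note, does not by itself stop an open file from being sent as chat context.

```python
"""Report secret-looking files that an ignore file (.cursorignore / .gitignore style) does not cover."""
import fnmatch
from pathlib import PurePosixPath

# Constructed sample .cursorignore content (assumption for this example).
SAMPLE_CURSORIGNORE = """
# secrets
.env
.env.*
!.env.example
*.pem
secrets/
"""

# Constructed sample project listing (assumption for this example).
SAMPLE_FILES = [
    ".env",
    ".env.local",
    ".env.example",
    "config/.env.production",
    "secrets/db.pem",
    "deploy/server.key",
    "src/app.py",
    "README.md",
]

# Assumed set of basename globs that usually hold credentials; tune per project.
SENSITIVE_GLOBS = (".env", ".env.*", "*.pem", "*.key", "id_rsa*")


def parse_ignore(text):
    """Turn ignore-file text into (pattern, negated) rules, skipping blanks and comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        if negated:
            line = line[1:]
        rules.append((line, negated))
    return rules


def matches(pattern, path):
    """Simplified gitignore matching:
    - 'dir/' matches any file under a directory of that name,
    - a pattern containing '/' is anchored at the repo root,
    - any other pattern matches the basename at any depth."""
    p = PurePosixPath(path)
    if pattern.endswith("/"):
        return pattern.rstrip("/") in p.parts[:-1]
    if "/" in pattern:
        return fnmatch.fnmatchcase(path, pattern.lstrip("/"))
    return fnmatch.fnmatchcase(p.name, pattern)


def is_ignored(path, rules):
    """Apply rules in order; the last matching rule decides, as git does."""
    ignored = False
    for pattern, negated in rules:
        if matches(pattern, path):
            ignored = not negated
    return ignored


def looks_sensitive(path):
    """True if the basename matches one of the secret-looking globs."""
    name = PurePosixPath(path).name
    return any(fnmatch.fnmatchcase(name, g) for g in SENSITIVE_GLOBS)


def unprotected(paths, ignore_text):
    """Sensitive-looking files that the ignore file leaves visible to indexing."""
    rules = parse_ignore(ignore_text)
    return sorted(p for p in paths if looks_sensitive(p) and not is_ignored(p, rules))


def main():
    for path in unprotected(SAMPLE_FILES, SAMPLE_CURSORIGNORE):
        print(f"NOT ignored: {path}")


if __name__ == "__main__":
    main()
```

With the sample data the report lists `.env.example` (deliberately un-ignored by the `!` rule, so worth confirming it holds only placeholders) and `deploy/server.key` (no rule covers `*.key`). Running it against a real listing, for instance the output of `git ls-files` plus untracked files, is the point.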
@danperks Cursor does not ignore the .env file if it's in .gitignore. I have tested this. Composer Agent has read the .env file which is in .gitignore to avoid committing development config; it even tried editing the file, which I don't mind.
Neither of these worked for me.
Additionally, specifying 'default: no context' to be sure that I can't accidentally leak my keys doesn't change the UI, so it still shows the open file, which leads to Claude giving the impression it's seen your code when it hasn't.
Sure, but I'd say the majority of .envs do have private keys in them, so it should probably default to not readable.
Also, not sure if it's changed in the last 6 months, but last time I tried to get Cursor to ignore a file it definitely did not.
The new docs address this as follows:
- While a `.cursorignore` file can prevent files from being indexed, those files may still be included in AI requests, such as if you recently viewed a file and then ask a question in the chat. We are considering adding a `.cursorban` file to address the use case of wanting to block files from being sent up in any request - please make a forum post or reach out at [email protected] if this is a feature that would be interesting to you.
https://www.cursor.com/security#codebase-indexing
So this would mean a .cursorban file must be implemented. Do others agree?