In the ignore-files documentation it says that .gitignore is respected for the files cursor ignores: Ignore files | Cursor Docs but it doesn’t thus leaking secrets to models used for autocomplete and agents…
Steps to Reproduce
create .gitignore with content .env
create .env
no lock appearing next to file name
start typing, you see tab completion
ask agent the content of .env, it knows (without using terminal)
Hey, this is a known issue. Quick summary: .gitignore and the default ignore list currently apply only to indexing, not to agent tools (Read file) and Tab completion. There’s more detail here: Cursor IDE Agent Reads .env file!
You already found the right workaround, .cursorignore. If you don’t want to add it to every project, you can set it globally: VS Code Settings > General > Global Cursor Ignore List, then add **/.env and **/.env.*.
One limitation: .cursorignore doesn’t block the agent’s terminal and MCP tools, so in theory the agent could run something like cat .env via the terminal. More info in the docs: Ignore files | Cursor Docs
The team is aware of this gap between indexing ignores and agent tool ignores. Let me know if the global ignore list helps.
Thanks for the reply. When you say “known issue”, does it mean it’s a bug that the team is planning to fix, or an issue that confuses people but is going to stay as is?
I’m assuming it’s a bug because I seem to remember it having worked before (seeing the little forbidden icon next to .env, and we never used .cursorignore).
If it’s the latter, I’d recommend updating the documentation wherever .gitignore is mentioned, that this is only about indexing, that cursor can still read the file (without using terminal commands) and that it is feeded to the tab completion ai.
This has to be changed asap in my opinion. Why would it not be a default setting to ignore anything .env? Especially because this behaviour changed. I remember tab and indexing not being available in my .env files in the past, probably because of my .gitignore files.
And why is the global ignore setting in the VS Code settings and not the Cursor Settings. Why would I look in the VS Code settings to change the behaviour of Cursor? This seems almost like it’s intentionally hard not to leak my secrets.
Hey @nickredmark, per the docs the current behavior is expected. .gitignore and the default ignore list which includes .env* only apply to indexing. To block access for Agent, Tab, and Inline Edit, you need .cursorignore. It’s a separate, stricter mechanism.
.cursorignore blocks access from: Semantic search, Tab, Agent, Inline Edit, and @ mentions.
Default ignore list and .gitignore apply to indexing only.
So .cursorignore isn’t a workaround, it’s the intended tool for this. If you don’t want to add it to every project, there’s a global option: VS Code Settings > General > Global Cursor Ignore List, add **/.env and **/.env.*.
I agree the line “Cursor already ignores .env files” in the docs can be confusing because it doesn’t clarify the scope.
@fenmati, about where this setting lives in VS Code Settings, I get that it’s not obvious. I passed the feedback to the team.