Cursor keeps trying to access sensitive env variables even though .env is ignored

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Even with .env in .gitignore and not visible to Cursor, the AI keeps suggesting code that logs env variables, prints secrets, or accesses secret manager values, even after I explicitly tell it not to.

This creates a risk of accidentally exposing real secrets when the model suggests “debugging” steps or auto-executes code.

Steps to Reproduce

How to Reproduce:

Make sure .env is in .gitignore so Cursor cannot see it.

Open any file that references process.env.* or secrets from a cloud secret manager.

Ask Cursor for help modifying or debugging that code.

Even after saying “don’t access or log env variables,” the AI still suggests printing them, accessing them for debugging, or calling secret manager APIs.

Expected Behavior

Expected:
If I say “don’t touch env vars,” the model should stop. Ideally, there should be a setting to block any suggestions that attempt to read or log environment variables.

Actual:
Cursor keeps trying alternative ways to access or print them, despite not having access to the .env file at all.

A “safe mode” or a rule to fully prevent env access would solve this.

Operating System

macOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.1.50
VSCode Version: 1.105.1
Commit: 56f0a83df8e9eb48585fcc4858a9440db4cc7770
Date: 2025-12-06T23:39:52.834Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Darwin arm64 24.6.0

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey, thanks for the report.

What you can do right now:

  • Use .cursorignore to actually block access to .env and secrets instead of .gitignore: Ignore files | Cursor Docs
  • Add a Project Rule or User Rule, or an AGENTS.md with a strict ban like “never suggest logging or reading env and secrets” for Agent Chat: Rules | Cursor Docs
  • Make sure Run Everything is off and auto-approval of commands is disabled: Agent Security | Cursor Docs

Could you share specifics so we can escalate and consider adding a Safe mode feature:

  • Model and mode, whether Run Everything is on, auto-approve status
  • Whether .cursorignore is configured and which patterns it has
  • 2-3 examples of the AI’s suggestions and screenshots
  • Request IDs from the relevant chat messages
  • Repro steps

Share the details above so we can add them to the task.

Thanks! I’ll give .cursorignore a shot. We’ve got a bunch of repos, so it’d be awesome to have a global rule for the team to keep it consistent.

Auto-approval is off, which is good, but yeah, the prompt makes it unclear it’ll try to print secrets. That only really clicks once you see the code it writes.

1 Like
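The thread's point that the risk only becomes visible in the code the assistant writes can be turned into a check that runs before suggested code is accepted or committed. The following is an added example, not part of any post above and not a Cursor feature: a heuristic scanner that flags lines sending `process.env` values (directly, via an alias, or via destructuring) to a log sink. The function names, the sink list and the sample input are assumptions made for illustration.

```javascript
// Added example: flag lines that pass process.env values to a log sink.
// Line-based heuristic; the sink list and all names here are assumptions.
const SINK = /\b(?:console\.(?:log|info|warn|error|debug|dir|table)|process\.(?:stdout|stderr)\.write)\s*\(/;
const ENV = /\bprocess\.env\b/;
// Collect local names bound from process.env, directly or by destructuring.
function taintedNames(lines) {
  const names = new Set();
  for (const line of lines) {
    const direct = line.match(/\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=[^;]*\bprocess\.env\b/);
    if (direct) names.add(direct[1]);
    const destructured = line.match(/\b(?:const|let|var)\s*\{([^}]*)\}\s*=\s*process\.env\b/);
    if (!destructured) continue;
    for (const part of destructured[1].split(',')) {
      // "DB_URL: dbUrl = 'x'" binds dbUrl; "API_KEY" binds API_KEY.
      const local = part.split(':').pop().split('=')[0].trim();
      if (local) names.add(local);
    }
  }
  return names;
}

function findEnvLeaks(source) {
  const lines = source.split('\n');
  const names = [...taintedNames(lines)];
  const findings = [];
  lines.forEach((line, i) => {
    const sink = line.match(SINK);
    if (!sink) return;
    // Look only at the call arguments, ignoring plain quoted string literals.
    const args = line.slice(sink.index + sink[0].length).replace(/'[^']*'|"[^"]*"/g, '');
    const hit = ENV.test(args) ? 'process.env' : names.find((name) =>
      new RegExp(`(?<![\\w$.])${name.replace(/\$/g, '\\$&')}(?![\\w$])`).test(args));
    if (hit) findings.push({ line: i + 1, reason: hit });
  });
  return findings;
}

// Constructed sample of assistant-suggested "debugging" code.
const SAMPLE = [
  "const { API_KEY, DB_URL: dbUrl } = process.env;",
  "const token = process.env.SERVICE_TOKEN;",
  "console.log('starting worker');",
  "console.log('env dump', process.env);",
  "console.debug(`token=${token}`);",
  "console.error('db failed', dbUrl);",
  "console.log('token configured');",
  "client.connect(dbUrl);",
].join('\n');
console.log(findEnvLeaks(SAMPLE));
```

Because it is line-based, it misses multi-line calls and values passed through helper functions, so it complements `.cursorignore` and rules rather than replacing them.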

This topic was automatically closed 22 days after the last reply. New replies are no longer allowed.