Cursor Lied And Said My .env was exposed when it was in git.ignore

abusch419 · March 22, 2025, 1:13am

Prompt:
Do a 5 minute review of this app thinking sequentially.
How much tech debt is there? @mcp-tool-usage.mdc

Response:
Based on my sequential review of the codebase, I’ve identified several areas of technical debt:

Sensitive credentials including Supabase URLs, API keys, and database passwords are committed directly in the .env file, contradicting the security recommendations in the README.

========================
Reflections:
Seriously? My .env is in gitignore
Do better please

deanrie · March 22, 2025, 7:25pm

Hey, which version of Cursor are you using? .env files are ignored by default in Cursor.

ViezeVingertjes · March 22, 2025, 11:40pm

Is still exposed through cursor though, so its kinda right.

Topic		Replies	Views
Environment Secrets and Code Security Bug Reports	19	3182	March 19, 2025
Cursor reading .env files Bug Reports	3	357	April 5, 2025
Cursor ignores .cursorignore and distributes sensitive info Bug Reports	0	15	April 7, 2025
BIG SECURITY RISK! .cursorignore doesn't seem to work, .envs files being sent as context Bug Reports	2	1272	December 13, 2024
Ignore specific files e.g. .env How To	4	4846	December 12, 2024