I’m filling out my .env file with some ai api keys. I type in “VITE_GOOGLE_GEMINI_API_KEY=” (without quotes), and Cursor auto-completes with a string that suspiciously has the format of the Google Gemini API key. It’s not my key. I don’t know whose key it is. It’s possible that it’s no one’s key and it just matched the format by predicting he next token. But maye the AI got trained on some code where ppl leaked their keys and it’s someone’s actual key? Idk.
So I’m not sure this is a bug or anything needs to be done. But one suggestion would be to make it so that it doesn’t auto-complete api keys, passwords, or any kind of sensitive data.
1 Like
I had this happen to me with openai key whereby it posted some key that was ~40chars longer than an API real key…
And It confused me and I thought I copied my key wrong…
it consumed like 10-ish minutes of my time trying to figure WTF.
1 Like
I lucked out and had the google gem. key in a regular textpad on the other screen, so I compared it right away (thinking it grabbed it out of my clipboard), and saw that it was slightly different.