Hey wonderful guys at Cursor,
Congratulations on building such an amazing product.
I started using Cursor and I can't get this thing out of my mind: how are my .env credentials and code handled in API requests?
Base settings: file indexing allowed, privacy mode on, .gitignore has .env listed.
Now in this scenario too, I am able to access the .env file in the chat. So logically this is also sent through your API.
Even though the code is not stored on your end, it is stored for 30 days on OpenAI and Claude.
So I feel this is a risk for anyone using it, and I just wanted more clarity on how a request goes through Cursor and how it works in this scenario. I also read that there is a base scrubber that does not send the .env secrets to the API, so I wanted more clarity on this as well.
I would ideally like to know how the request travels and is stored by all participants in the flow, so I can be assured on my end to use it from now on. Would really appreciate a detailed reply.
@litecode Is there a way to completely ignore something like a .env file?
I noticed the same thing that @saucr7 did, which concerned me as well: even if the file is in my .gitignore, I can still tag the file in the chat, which presumably means that if you tag an ignored file which has secrets by mistake, it will get sent to Cursor's servers as well as OpenAI/Anthropic's.
I mean “completely ignore” in the sense that I would not like it to ever be sent in any request or leave my local machine at all which would include not being able to tag the file in chat.
This might help prevent mistakes that would result in exposing app secrets.
For reference, prior to more recent developments, there was talk of ‘scrubbers’ that worked to prevent unintentional sharing of secrets etc:
So, for me, this communicates the Cursor devs are aware of the surrounding dynamics and creating solutions that will satisfy themselves and other end-users.
I love Cursor, but this is such a big issue it substantially diminishes my experience with the product.
Any updates on cursorban? This is 100% needed. From a security standpoint, there should realistically probably be an explicit opt-in for common sensitive files like .env and .env.local to be indexed or included in chat context. This is almost never intended from a user standpoint and could lead to future security breaches and even legal jeopardy.
It is currently so easy to send sensitive data places it shouldn’t be sent without realizing it. Even if a user makes a mistake and is aware, it’s (at best) a massive inconvenience to mitigate the breach (e.g., changing a bunch of API keys that may be shared across multiple apps).
Please add a .cursorban sooner rather than later. In my opinion, the app should also probably auto-create the file if it doesn’t exist when loading a project, with default entries for common files like .env and .env.local.
Absolutely agree. Essential security feature that is missing. .gitignore and .cursorignore files must mean they are NEVER touched and will NEVER be indexed or processed by ANY AI request whatever. We will wait till we have a confirmed release that has these features enabled by default.
+1 on this. Absolutely essential, and I am currently blocked from introducing Cursor to my work environment until this is fixed.
Can someone from the Cursor team comment on this feature and whether it is on the product roadmap?
We are looking to improve things around this area in the future, but for now the .cursorignore file should stop any files you put in it from being indexed into your codebase, or being autonomously read by the AI as context.
The only exception here, and where it would differ from a feature like .cursorban would be that you can still @ the file, and if you have the file open as your active editor, it may select itself as context, which you would have to manually untick before sending off your prompt.
With privacy mode enabled, however, neither Cursor nor any of the LLM providers store any of your code beyond the time needed to complete your query. These queries are not subject to the usual analysis OpenAI and Anthropic do on your queries if you use their own apps!
We hope to bring some improvements to this in the near future, as this is an important topic, especially for sensitive work!
Hey, to be clear, adding a file to .cursorignore stops it from being indexed, but the Composer can still see it if you:
a) add it as context with the @
b) have auto-context enabled, and the composer adds it itself
c) are using the agent, and the agent reads the file itself
We are working on adding support for a .cursorban file, which stops all of the above, and would make your file basically invisible to the AI.