Don’t trust your agent with secrets
Best practices to deny sensitive files to AI agents

A warm welcome to all the new ~350ish subscribers who joined us since last week! AI Stack is now 600 engineers strong. And thank you for all the feedback. It helps me focus on the problems that matter most to you. I’ve also added a quick poll at the end of this issue. If you find this newsletter useful, please take a moment to vote and share it with a colleague. Let’s dive in.

I was speaking to a friend and he expressed his concern that Copilot reads his .env file and asked if there’s a way to deny Copilot from reading it. And he’s right to worry about it. AI coding agents can read .env files and surface secrets in suggestions or context, which could be a risky exposure.
Here's how to explicitly deny agents access to your sensitive files
Claude Code: Explicitly deny access to .env
Claude Code supports project-level permissions to block file reads. Deny rules prevent Claude from reading or using those files as context in the session.
Steps:
Create a .claude/settings.json in the repo root.
Add deny rules for .env and sensitive paths.
{
  "permissions": {
    "deny": [
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)",
      "Read(./config/credentials.json)"
    ]
  }
}
Reload the project or restart the session to apply settings.
Validate by asking Claude to summarize files it can read or by prompting for .env content. It should refuse if deny rules are active.
Tips:
- Review Claude’s security and settings pages periodically for updates to permission semantics and defaults.
- Treat deny rules as a guardrail. Keep secrets outside project roots where possible.
- Claude Code settings documentation
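An audit of the deny list above against the files actually present in a repository, as an added example (not from the original post or from Claude Code). The file listing and the SENSITIVE pattern are constructed, and the matcher is a simplified glob that treats every rule as anchored at the repo root, which is an assumption about rule semantics and not the tool's own matcher.

```python
import json
import re

# Deny rules copied from the section above.
PAGE_SETTINGS = """
{"permissions": {"deny": [
  "Read(./.env)", "Read(./.env.*)",
  "Read(./secrets/**)", "Read(./config/credentials.json)"
]}}
"""

# Constructed file listing for a small monorepo (paths relative to the repo root).
REPO_FILES = [
    ".env", ".env.local", "secrets/prod/key.pem", "config/credentials.json",
    "services/api/.env", "deploy/.env.production", "src/app.py",
]

# Hypothetical definition of "sensitive" for this audit; adjust per project.
SENSITIVE = re.compile(r"(^|/)(\.env(\.[^/]+)?|credentials\.json)$|(^|/)secrets/")


def deny_globs(settings_text):
    """Return the path globs of all Read(...) deny rules, without a leading './'."""
    deny = json.loads(settings_text).get("permissions", {}).get("deny", [])
    matches = (re.fullmatch(r"Read\((.+)\)", rule) for rule in deny)
    return [re.sub(r"^\./", "", m.group(1)) for m in matches if m]


def glob_to_regex(glob):
    """Simplified glob: '**' crosses directories, '*' and '?' stay inside one."""
    parts = re.split(r"(\*\*|\*|\?)", glob)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts))


def uncovered(settings_text, files):
    """Sensitive files no deny rule matches when rules are anchored at the root."""
    rules = [glob_to_regex(g) for g in deny_globs(settings_text)]
    return [f for f in files
            if SENSITIVE.search(f) and not any(r.fullmatch(f) for r in rules)]


if __name__ == "__main__":
    for path in uncovered(PAGE_SETTINGS, REPO_FILES):
        print("not covered by a deny rule:", path)
```

Under that reading the nested services/api/.env and deploy/.env.production are reported, so those are the paths to check by hand when validating the deny rules in a monorepo.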
Cursor: Use .gitignore and privacy settings
Cursor’s behavior is influenced by workspace scope and privacy modes. Community threads emphasize combining .gitignore hygiene with Cursor settings and verifying behavior manually.
Steps:
Add sensitive patterns to .gitignore so they’re not part of the tracked workspace footprint.
Enable Privacy Mode (if available in the installed build) and minimize workspace to only necessary folders. Avoid opening secrets directories in the project tree.
Validate manually:
- Ask Cursor to search or summarize .env. Ensure it cannot access content.
- Check that suggestions in other files don’t surface values from .env.
Notes:
- Reports indicate .gitignore alone does not guarantee agent exclusion. Rely on workspace scoping, privacy settings and keeping secrets outside the repo root for defense in depth.
- Track Cursor forum updates for any new file exclusion controls or ignore files. Behavior can change across versions.
GitHub Copilot: Org exclusion + VS Code settings
Copilot provides the most reliable control via org/repo “Content Exclusion” for Business/Enterprise, with local VS Code fallbacks for individuals.
Copilot Content Exclusion (Business/Enterprise)
- What it does: Excludes files from completions, context, Copilot Chat and code review.
- Where: Org/Repo Settings - Copilot - Content exclusion.
- Patterns to add: .env, .env.*, and any subfolder variants needed.
- Configure exclusion
VS Code settings (Individuals)
Approach 1: Associate .env with dotenv and disable Copilot for that language.
{
  "files.associations": {
    ".env*": "dotenv"
  },
  "github.copilot.enable": {
    "*": true,
    "dotenv": false
  }
}
Approach 2: Force plaintext for all env variants (prevents completions from triggering).
{
  "files.associations": {
    ".env*": "plaintext"
  }
}
- After changing VS Code settings, restart VS Code and open a .env file. Verify Copilot is disabled/ignored in that buffer.
- Test in other files that Copilot does not surface secrets from env content.
Notes:
- .copilotignore is not reliable as a sole control according to multiple community reports. It’s preferred to use org exclusion + VS Code settings.
- Features and reliability vary by Copilot client version. Be sure to retest after updates.
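A check of which file names the two VS Code approaches above actually cover, as an added example (not from the original post or from the Copilot extension). The file names are constructed, and the lookup is modelled as "the language id's own key in github.copilot.enable, else the '*' key", which is an assumption about the client.

```python
import fnmatch
import json

# Settings copied from Approach 1 and Approach 2 above.
APPROACH_1 = json.loads("""
{"files.associations": {".env*": "dotenv"},
 "github.copilot.enable": {"*": true, "dotenv": false}}
""")
APPROACH_2 = json.loads('{"files.associations": {".env*": "plaintext"}}')

# Constructed file names, as they might appear in a workspace.
SAMPLE_FILES = [".env", ".env.production", "prod.env", "docker/.env.ci", "app.py"]


def language_for(path, settings):
    """Language id assigned by files.associations, or None if nothing matches.
    Assumption: a pattern without '/' is compared with the file's base name."""
    name = path.rsplit("/", 1)[-1]
    for pattern, language in settings.get("files.associations", {}).items():
        if fnmatch.fnmatchcase(name, pattern):
            return language
    return None


def copilot_state(path, settings):
    """'off', 'on', or 'unset' (the settings file itself does not decide)."""
    enable = settings.get("github.copilot.enable", {})
    value = enable.get(language_for(path, settings), enable.get("*"))
    if value is None:
        return "unset"
    return "on" if value else "off"


def env_files_not_off(paths, settings):
    """Env-style file names for which these settings do not switch Copilot off."""
    def is_env(path):
        name = path.rsplit("/", 1)[-1]
        return name.startswith(".env") or name.endswith(".env")
    return [p for p in paths if is_env(p) and copilot_state(p, settings) != "off"]


if __name__ == "__main__":
    print("Approach 1 gaps:", env_files_not_off(SAMPLE_FILES, APPROACH_1))
    print("Approach 2, .env:", copilot_state(".env", APPROACH_2))
```

A name such as prod.env does not match the `.env*` association, and Approach 2 on its own leaves the result to whatever the client's default for plaintext is, so both are worth covering in the manual retest.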


👀 What’s shipping (shipped) this week?
Claude gets memory recall to retain preferences & past project context.
Claude Code now supports customizable output styles, prebuilt or user defined modes that change how the AI responds.
Docker now features built-in Model Context Protocol hooks, letting devs spin up tool-using agents faster within familiar DevOps stacks.
Cursor Agent now has a Command-Line Interface (CLI) in Beta.
Notion just launched a hosted MCP server so AI agents like Cursor and Claude can directly use Notion tools.

🤓 Case Studies
DX’s new framework shows that to measure AI coding tools’ real impact, teams must track not just code output but a mix of adoption, usage, quality and business outcomes.



💬 Quick question: What's the most time consuming part of your development workflow? Reply and I’ll build a tutorial to automate it.
Thanks for reading
- Sanket