Just encountered this: Claude Code DOES read all your secret, *.env, etc files by default, even if it's in  the .gitignore

You can add deny read rules (~/.claude/settings.json):

  "permissions": {
    "deny": [
      "Read(**/*.env*)",
      "Read(**/*.pem)",
      "Read(**/*.key)",
      "Read(**/secrets/**)",
      "Read(**/credentials/**)",
      "Read(**/.aws/**)",
      "Read(**/.ssh/**)",
      "Read(**/docker-compose*.yml)",
      "Read(**/config/database.yml)"
    ]
  }

• building @bankr
• founder @payflow 
• made in /crimea 🇺🇦

follow @1dolinski · challenge your habits · everyone needs an ai — dm me for yours or talk to mine: https://getfirstresponder.com/talk/1dolinski

I haven't experienced that since using it for a week, but today it did read for some reason

planting causal loops; harvesting reflexivity

oh, you mean cursor as well? I think they have .cursorignore though, it doesn't work? don't remember cursor reading any *env files from my 7-8 months of usage.

in cursor is a mess how they handle it, because then the model thinks .env doesnt exist (they should censor only the secrets, not whole file access)

then it ends up harccoding secrets else-where

also it can just do cat .env on terminal lol