Keeping environment variables safe with Claude Code deny lists
You shouldn't have your LLM reading your app secrets
Security is a serious concern when using AI tools in your codebase. If you've gone through the (minor) hassle of extracting secret values into a file like .env, it's a bit silly to then stream them to some intelligence API.
It’s well-understood that it’s a best practice to add your .env file (or equivalent) to .gitignore so it doesn’t get tracked in version history. It should become a best practice to deny AI tools the ability to read tokens from these files too.
I’ll show you how - the process only takes a minute or two.
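Before walking through the setup, here is a small check script, written for this post as an added example (it is not part of the original article and not code from Anthropic). It assumes the deny list lives in a JSON settings object under `permissions.deny`, that file-read rules take the form `Read(<glob>)` with the glob relative to the project root, and that `**` spans directory separators; verify those assumptions against your tool's current documentation. Given that shape, it reports which secret-looking files in a repo would still be readable, which is the mistake that is easy to make when a project keeps more than one `.env` file.

```python
"""
Added example (not from the original post): check that a Claude Code style
deny list actually covers the secret files present in a repository.

Assumptions (labelled; verify against your tool's documentation):
  - settings are a JSON object with a "permissions" -> "deny" list
  - file-read rules look like "Read(<path-pattern>)", where the pattern is a
    shell-style glob relative to the project root and "**" matches across
    directory separators.
"""
import json
import re

# Constructed sample settings, in the shape described in the assumptions above.
SAMPLE_SETTINGS = json.dumps({
    "permissions": {
        "deny": [
            "Read(./.env)",
            "Read(./.env.*)",
            "Read(./secrets/**)",
        ]
    }
})

# Constructed list of files found in a repository that look like they hold secrets.
SAMPLE_SECRET_FILES = [
    ".env",
    ".env.local",
    "secrets/db.json",
    "config/production.env",   # not covered by the sample deny list
    "backend/.env",            # not covered either: the rules are root-relative
]

_READ_RULE = re.compile(r"^Read\((.+)\)$")


def deny_patterns(settings_json: str) -> list[str]:
    """Extract the path globs from Read(...) entries in permissions.deny."""
    settings = json.loads(settings_json)
    deny = settings.get("permissions", {}).get("deny", [])
    patterns = []
    for rule in deny:
        m = _READ_RULE.match(rule.strip())
        if m:
            patterns.append(m.group(1))
    return patterns


def _glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a root-relative glob into a regex: '**' spans directories, '*' does not."""
    p = pattern[2:] if pattern.startswith("./") else pattern
    out = []
    i = 0
    while i < len(p):
        if p.startswith("**/", i):
            out.append("(?:.*/)?")
            i += 3
        elif p.startswith("**", i):
            out.append(".*")
            i += 2
        elif p[i] == "*":
            out.append("[^/]*")
            i += 1
        elif p[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(p[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def is_denied(path: str, patterns: list[str]) -> bool:
    """True if any deny pattern matches the root-relative path."""
    norm = path.replace("\\", "/")
    return any(_glob_to_regex(pat).match(norm) for pat in patterns)


def uncovered_secret_files(settings_json: str, secret_files: list[str]) -> list[str]:
    """Return the secret-looking files that no deny rule would block."""
    patterns = deny_patterns(settings_json)
    return [f for f in secret_files if not is_denied(f, patterns)]


if __name__ == "__main__":
    for f in uncovered_secret_files(SAMPLE_SETTINGS, SAMPLE_SECRET_FILES):
        print(f"not covered by deny list: {f}")
```

Run it against your own settings file and a `find`/`git ls-files` listing of candidate secret files; anything it prints is a file the tool can still read. The root-relative matching is deliberate: a rule for `./.env` says nothing about `backend/.env`, so monorepos usually need a `**/.env` style rule rather than one entry per directory.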


