Key Privacy

🔐 .env file?

A .env (environment) file is used to store environment variables — typically things like:

API keys
Database passwords
Secret tokens
Configurations specific to your local dev setup

Example .env file:

API_KEY=sk-abc123456
DB_PASSWORD=supersecret

🚫 Why should .env be in .gitignore?

A project's .gitignore file specifies files that should not be added into your (possibly public) GitHub repository. You don’t want to commit sensitive info to your Git repo. If you push .env to a public GitHub repo, your secrets could be exposed — and bots actively search GitHub for leaked keys.

✅ How to use .gitignore correctly

Add this line to your .gitignore file:

.env

This tells Git to ignore any file named .env in your project directory. Git won’t track it, won’t show changes, and won’t commit it

If your .env file is already tracked (oops!), remove it from Git history:

git rm --cached .env

Then commit the change:

git commit -m "Remove .env from repo"

📄 .env.example

You can include a .env.example or .env.template file in your repo with placeholder values:

API_KEY=your-api-key-here
DB_PASSWORD=your-password-here

This way, teammates or collaborators know what values they need without getting your secrets.

Cursor Developers

Ask Cursor to help you set up the .env file for any API keys you have, and ask it to set up the .gitignore file for you. It will help you run the commands above. Sample request: "Please store any API keys and sensitive settings in my app in a .env file, fix all references to those, and modify the .gitignore file to include .env."