
Excluding ENV Secrets from Github Copilot


When working with GitHub Copilot, it’s important to ensure that sensitive information like environment secrets doesn’t get exposed unintentionally. Here’s how you can keep your secrets safe:


Use .gitignore Properly

Ensure that your .env files or any other files containing secrets are included in .gitignore. This prevents them from being committed to your Git repository in the first place, reducing the risk of Copilot suggesting these secrets later.

# Add this to .gitignore
.env

Configure GitHub Copilot to Exclude Patterns

While GitHub Copilot does not currently support an official .copilotignore file, there are workarounds. You can use the content exclusion settings in GitHub to specify which files or paths Copilot should ignore within your repository or organization.

For Visual Studio Code users, there’s a third-party extension called Copilot Ignore, which allows you to create a .copilotignore file. This extension lets you disable Copilot suggestions for specified files or directories, though it has some limitations and is not an official GitHub feature.

# .copilotignore
.env
*.secret
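As an added check (example code, not part of the original post), the script below applies gitignore-style matching to a constructed list of repository files and reports which ones a given .gitignore or .copilotignore body leaves uncovered. It shows the caveat that a bare `.env` entry matches only a file named exactly `.env`, so `.env.local` or `config/.env.production` would still be visible to git and to Copilot, while `.env*` with a `!.env.example` exception covers the variants and keeps the template tracked. The file names and patterns are made up, and treating the Copilot Ignore extension's patterns as gitignore-style is an assumption.

```python
import fnmatch

def parse_ignore(text):
    """Return the patterns from an ignore-file body, skipping blanks and comments."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]

def is_ignored(path, patterns):
    """Gitignore-style match for a repo-relative POSIX path.
    Handles: basename-vs-anchored patterns, trailing '/' (directory only),
    '!' negation with last-match-wins. Simplification: fnmatch's '*' also
    crosses '/', and '**' is not special; enough for the patterns shown here."""
    parts = path.split("/")
    ignored = False
    for pat in patterns:
        negate = pat.startswith("!")
        pat = pat[1:] if negate else pat
        dir_only = pat.endswith("/")
        pat = pat.rstrip("/")
        if "/" in pat:
            # Anchored at the repo root: compare against each leading prefix of the path.
            pat = pat.lstrip("/")
            candidates = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
        else:
            # Unanchored: the file name or any ancestor directory name may match.
            candidates = parts
        if dir_only:
            candidates = candidates[:-1]  # the final component is a file, never a dir
        if any(fnmatch.fnmatchcase(c, pat) for c in candidates):
            ignored = not negate
    return ignored

def unprotected(paths, patterns):
    """Files that no pattern covers, i.e. still visible to git and to Copilot."""
    return [p for p in paths if not is_ignored(p, patterns)]

# Constructed repo snapshot (made up for this example): secret-bearing files that a bare
# ".env" entry does not cover, plus one file (.env.example) that should stay tracked.
SAMPLE_FILES = [".env", ".env.local", ".env.example", "config/.env.production",
                "deploy/prod.secret", "secrets/api_key.txt", "src/app.py"]

GITIGNORE_WEAK = "# Add this to .gitignore\n.env\n"
GITIGNORE_FIXED = ("# .env plus every .env.* variant, except the committed template\n"
                   ".env*\n!.env.example\n*.secret\nsecrets/\n")

def report(ignore_text, files=SAMPLE_FILES):
    """Return the sample files NOT covered by the given ignore-file body."""
    return unprotected(files, parse_ignore(ignore_text))

if __name__ == "__main__":
    print("weak :", report(GITIGNORE_WEAK))   # .env.local, .env.example, config/.env.production, ...
    print("fixed:", report(GITIGNORE_FIXED))  # .env.example, src/app.py
```

Run it against your own ignore-file contents and a `git ls-files --others` listing to see which untracked files your patterns really cover.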

Leverage Secret Management Services

For added security, use secret management tools like AWS Secrets Manager, Google Cloud Secret Manager, or HashiCorp Vault to store your secrets securely, rather than hardcoding them in your project. This way, even Copilot won’t have access to them.

Be Cautious with Auto-Suggestions

When Copilot suggests code, especially related to configuration, double-check that it doesn’t inadvertently include sensitive information. If Copilot learns from your own code, it might suggest your secrets back to you.

By following these steps, you can minimize the risk of exposing sensitive data while using GitHub Copilot.
