Copilot can read my local projects .env files. This data can be displayed as suggestion to another dev in the future?

[leticiayanaguya]

This can be a silly question, but I didn't found much enlightenment reading the docs.

As expected, Copilot is primarily suggesting codes related to my own repo.
I noticed that it also completes with values ​​that are inside my development environment .env files.

What is being shown to me, from my local repo, will probably be used to improve the AI suggestions. Can these kind of values eventually be visible to another developer in the future?

[stevenpollack]

Given the potentially sensitive nature of data in .env's (e.g. api keys and secrets), it'd be interesting to see a potential black-list feature where we can tell co-pilot to ignore particular paths/files...

[WarrenMfg]

Same concern. For the time being I added the following to my settings.json file in VS Code. Copilot no longer makes suggestions in those files, but I have no idea if it's still reading and transmitting them.

"github.copilot.enable": {
  "*": true,
  "plaintext": false, // for `.env` files
  "json": false, // for `local.settings.json` files
  }

[kwolniak]

According to this: https://twitter.com/PrimaryObjects/status/1414542721075847170 .env files are ignored.

[steebchen]

Not really sure if that's universally true; for example in IntelliJ Copilot works in .env files (it suggests things, so I'm assuming it also sends the contents to their servers).

[daniel-krastev]

I find it very baffling that ignoring of files is allowed in the business version and not in the still paid subscription version for individuals? Currently if I open an .env files I can see copilot generating suggestions.

[ricklove]

Github copilot is working in my .env file - This seems like a security issue that is not resolved.

Note to self: don't put important stuff in .env files.