How to correctly deny Copilot access to .env files in Intellij?

[tw-eugeneoei]

Select Topic Area

Question

Copilot Feature Area

General

Body

I have read quite a few posts on preventing Copilot from accessing .env files ie read or write operations to these files. However, many of these are on how it can be done on VS code. But my primary IDE is IntelliJ. Also, the project's repo is on GitLab not GitHub.

I added some configurations to achieve the following 2 outcomes:

• prevent read and write access to .env files within the current project
• prevent auto completion in any .env files within the current project

To prevent read and write access to .env files within the current project, I added a .github/copilot-instructions.md file with the following instructions

---
applyTo: '**/*.env'
description: 'Block all access to files with .env extension'
---

# Access to files

Regardless of which mode you are in (ie "Agent", "Ask" or "Edit" or any other new modes in the future), you should never read or write files with the `*.env` extension. These files often contain sensitive information such as API keys, passwords, and other configuration details that should not be exposed.

If you were to access or modify these files, ask me for explicit permission first. If I do not grant permission, do not proceed with any operations involving these files. Always prioritize user privacy and data security in your operations.

To prevent auto completion in any .env files within the current project, I associated *.env to the Properties file type and then disable the completion accordingly

All seems to be working fine and well in all 3 modes, "Ask", "Agent" and "Edit".

And i asked Copilot for assurance 😅

Until later, I tried again to update a value in the .env file and it did

And I asked why

What is the guidance on properly preventing Copilot's access to sensitive files? What is the assurance we can get that it is behaving the way it should? Or is there zero assurance? 🤔

[MisterRoach]

Can't tell regarding how well assurred it can be - depending on what permissions Copilot is inheriting when doing it's thing, you may could have success by changing the access/read/write/execute permissions locally, but haven't worked with Intellij yet.

I also wouldn't fully trust it's response regarding it would now "correctly following your instructions".
The technical systemic instructions and processing will always take priority(under normal circumstances).

Sometimes it will even trick you by using linguistic loopholes(meaning it like, it sometimes isn't actually lying with a given response, but only doing so by deviating in an interpretation of a sentence).

Sometimes it's also possible that Copilot/the model in use will pretend to have abilities or to execute something although it isn't capable of what you asked for - but this is something I think varies heavily depending on the instruction file(s) it's acting on.

Besides that, natively from GitHub Copilots site, it's a little bit limited and partially also bound to which subscription you're having.

Excluding content from GitHub Copilot

[!NOTE]
GitHub Copilot CLI, Copilot coding agent, and Agent mode in Copilot Chat in IDEs, do not support content exclusion. For more information, see About GitHub Copilot coding agent and Asking GitHub Copilot questions in your IDE.

Limitations of content exclusion

[!NOTE]

• Content exclusion is in public preview on the GitHub website and in GitHub Mobile and is subject to change.
• Content exclusion is currently not supported in Edit and Agent modes of Copilot Chat in Visual Studio Code and other editors.

Limitations of content exclusion

It's possible that Copilot may use semantic information from an excluded file if the information is provided by the IDE indirectly. Examples of such content include type information and hover-over definitions for symbols used in code, as well as general project properties such as build configuration information.

Currently, content exclusions do not apply to symbolic links (symlinks) and repositories located on remote filesystems.

Availability of content exclusion

The Copilot Business and Copilot Enterprise plans provide the following level of support for content exclusion.

[FAKE-SURYA]

You can block Copilot from .env files in IntelliJ by changing file permissions or using a .copilot-instructions.md config, but Copilot’s protection isn’t 100% reliable yet. Always double-check sensitive files manually.

[vijaypurohit322]

Great question! The behavior you're experiencing highlights an important limitation with Copilot's content exclusion mechanisms, especially when using Agent and Edit modes.

Current State of Content Exclusion:

As of now, GitHub Copilot's content exclusion features have several key limitations:

1. Agent and Edit modes do not support content exclusion - This is explicitly documented by GitHub. Your .github/copilot-instructions.md file won't be honored in these modes, which explains why Copilot was able to edit your .env file when you asked it to.

2. .copilot-instructions.md primarily affects code suggestions - These instructions work best for inline code completion, but the agent-based interactions may not respect them consistently.

Recommended Approach for IntelliJ:

Since you're using IntelliJ, here are the most reliable methods:

1. Use .gitignore patterns - While this doesn't prevent Copilot access directly, it helps signal that these files shouldn't be processed. Add:

   *.env
   .env.*
   

2. Disable Copilot for specific file types - In IntelliJ:

   • Go to Settings → Tools → GitHub Copilot
   • Add *.env to the list of excluded file patterns
   • This should prevent code suggestions in these files

3. For Enterprise/Business users - Repository-level content exclusions can be configured at the organization level through GitHub settings (Settings → Copilot → Content Exclusion), but this requires admin access.

Assurance Level:

Unfortunately, the assurance level is currently not 100%:

• Agent and Edit modes will likely continue to access files if explicitly instructed
• The LLM may infer sensitive information from context even if files are excluded
• File permissions and IDE-level exclusions are your best defense

Best Practices:

1. Never store actual production secrets in .env files in your working directory
2. Use environment variable managers or secret management tools
3. Always review Copilot's suggestions before accepting, especially for sensitive operations
4. Disable Copilot entirely when working with highly sensitive files

The good news is that GitHub is actively working on improving content exclusion. For now, combine multiple layers of protection and maintain vigilance when using Agent/Edit modes near sensitive files.