AI Tools
Vibe coding? Your secrets are already leaking.
AI coding tools read your project files. When a .env file is present, it gets pulled into context — silently, automatically, often without you noticing. EnvNest fixes this with one command.
One command
Detects Claude Code, Cursor, Windsurf, and Codex in the current project directory. Writes a skill file that teaches the AI never to touch .env files, and an MCP config that connects the AI directly to EnvNest — so it can read and write secrets without ever seeing raw values in the chat.
- ✓Non-destructive — appends to existing files, never overwrites
- ✓Idempotent — safe to run more than once
- ✓Project-scoped — writes to the current directory, not your home folder
What gets created
Each detected tool gets two files: a skill file with EnvNest rules, and an MCP config pointing at the EnvNest endpoint.
Claude Code
skill .claude/CLAUDE.md
config .claude/settings.json
{
"mcpServers": {
"envnest": {
"url": "https://app.envnest.dev/mcp",
"headers": {
"Authorization": "Bearer <your-token>"
}
}
}
}Cursor
skill .cursorrules
config .cursor/mcp.json
{
"envnest": {
"url": "https://app.envnest.dev/mcp",
"headers": {
"Authorization": "Bearer <your-token>"
}
}
}Windsurf
skill .windsurfrules
config .windsurf/mcp.json
{
"envnest": {
"url": "https://app.envnest.dev/mcp",
"headers": {
"Authorization": "Bearer <your-token>"
}
}
}Codex
skill .codex/instructions.md
config .codex/mcp.json
{
"envnest": {
"url": "https://app.envnest.dev/mcp",
"headers": {
"Authorization": "Bearer <your-token>"
}
}
}Self-hosted instance?
The URL is taken from your active profile in ~/.envnest/config.json — so if your profile points at a self-hosted instance, envnest ai init will use that URL automatically. No extra configuration needed.
"url": "https://your-instance.com/mcp"