Option for disabling Copilot in specific files

[kam193]

Hey,
I'm seeking an option to disable the Copilot in specific files. I want to avoid disabling it for a whole language, just disable in e.g. some JSON-based configuration files (where credentials may occur, and so I don't want Copilot to scan those files).

I cannot find anything like this in configuration. Any chances to get it in the future?

[davecheney]

Open, or create, a file with the extension you don’t want copilot to offer completions on. Click the copilot icon, choose disable

[kam193]

Thanks, Dave - I know this feature, but unfortunately, it allows just global or language (extension) based disabling. I'd like to avoid so broad disabling.

E.g.: I could have a local-config.json and test-fixture.json files in the same workspace. Thought, I'd like to use Copilot in the second, but not in the first.

[laalamrajesh]

@kam193, can you confirm whether this issue has been resolved or not?

[kam193]

I'm not using Copilot at the moment, so I cannot confirm or not. The whole time I was using it, the case wasn't resolved.

[BrennerSpear]

How do I disable it for my .env files?

[ghost]

open a .env file, then click the copilot icon. it will say both disable globally and disable for xxx, click the second option and the icon should change color. to get it back, just click the icon once again

[midnightcodr]

I found enable/disable .extension implementation to be very buggy. Say I have both .env and .gitattributes under my project. If I disable copilot for .env (which will also disable for .gitattributes because copilot classifies these two, or any files starting with a dot as properties files) then enable for .gitattributes later on, it will eventually enable .env as well - definitely not something I would expect.

[OmerFI]

I think there will be a quick option that disables/enables the copilot for the current file or current workspace

[dustinaleksiuk]

I'd really like to be able to disable Copilot for a given path wildcard that I specify. It is totally broken to the point of being unusable for styled-component tag functions in a .ts file. We name those files with a .styled.ts suffix.

[cchalfan1]

It would be really nice if there were commands like eslint e.g. // @copilot disable-file

[asheroto]

+1

[mengyun8715]

+1

[scemama]

+1

[bonnth80]

+1

[shalanah]

+1

[atipugin]

👍🏻 for the feature, sometimes I just want to play with code without any suggestions from Copilot, but don't want to actually disable it per language.

[kdawgwilk]

This is becoming more of a security concern for various companies. I think it would be prudent to support extension settings to add file globs that should be ignored that we can check into our repos settings.json to prevent any information from being sent to github servers such as .env contents

[danielfree]

+1 for regex file globs, maybe just some global settings for the plugin at least

[tomij-secapp]

A way to exclude certain files would be very needed. Preferably with an option to do that in a centralized manner.

[atipugin]

+1 for .copilotignore. It could be utilized by other editors with copilot plugins (e.g. vim)

[JPustkuchen]

I think this is a good idea! Shouldn't this be an issue then (feature request) to be seen by the developers?

[kevinferrero]

Happy to submit a feature requests for this, but I haven't found the right spot. The VS Code extension links to this community discussion area for Issues. A search of copilotignore shows several repeats of the question.
https://github.com/orgs/community/discussions?discussions_q=copilotignore

The VS Code extension itself seems to name .copilotignore as a file format... but it doesn't appear to function, and I haven't found mention of it in any documentation. It shows up in my list of file formats though.

[fili]

fyi: https://github.com/orgs/community/discussions/10305

[okineadev]

a ".copilotignore" file listing filenames and patterns to disable suggestions in would be awesome.

I suggest using the universal .aiexclude format, which is not tied to a specific company, application or AI, which is just suitable for everything - https://github.com/orgs/community/discussions/11254#discussioncomment-10461122

[LiamKarlMitchell]

This is kind of necessary feature per project to look at an ignore file.
.copilotignore

.env
settings.yaml
firebase_options.dart

You might want to ignore it in some files but use it in same file type elsewhere in same project e.g. populating test data in json files but for whatever reason using json file that might also have secrets you don't want to upload to internet.

[EricDuminil]

.env should be disabled by default. Opening VSCode + Copilot in any folder with an .env file is a security risk right now. Even if it just takes 3s to change the setting and prevent Copilot from checking .env, those 3s can be enough for credentials to be leaked.

[gmeligio]

I would like to have the option to disable it in "Untitled files" like it was reported here https://github.com/orgs/community/discussions/67236

Sometimes I need to check sensitive snippets, and I paste them in an editor. I can't use IDEs with Copilot because it can't be disabled. It's an overhead for me to be careful with what type of content I have on the clipboard and choose the text editor based on that.

[starball5]

Related on Stack Overflow: How to Exclude Specific Files (like .env) from GitHub Copilot in VS Code?

[Superskyyy]

cant it just inherent from something like .gitignore

[asheroto]

Take a look at this. The dev just came out with it recently and it works great! Simply install the extension and create .copilotignore with glob patterns. 😊

https://github.com/orgs/community/discussions/10305#discussioncomment-8226775

https://github.com/mattickx/copilotignore-vscode

[Superskyyy]

great!

[spaiq]

Does this take care of security concerns i.e. stops copilot from reading these files and works for copilot chat as well?

[dmm2321]

If you all are using VSCode, you may want to look into the Profile feature. Your VSCode account and GitHub authorizations don't change, but it's as if you're using a different account so you can modify your settings and extensions to for specialized projects/uses.

For example, from the original post, it looks like she may have a job handling security sensitive files. So she could create a "Work" profile to only include the necessary extension; she can choose to not install Copilot or any other extensions that may cause a problem/violation in her work.

You can access your profiles from the File menu > Preferences. It switches over pretty fast and it's definitely faster than if you are repeatedly changing the same settings and extension access.

Here's the link to the VSCode documentation. Hope this helps you all out :)
https://code.visualstudio.com/docs/editor/profiles

[strudelPi]

I think the problem that folks are trying to solve is having the extension for work where files with possibly same extensions or extensions not recognized as a "language" in vscode might have sensitive data. I do not think this is a solution.

[dtinth]

Seems like this is now available in Copilot Business

https://docs.github.com/en/copilot/managing-github-copilot-in-your-organization/configuring-content-exclusions-for-github-copilot

[nabe1653]

Is this working on local files too?

I found the doc that saying set rule on repo too, but VSCode will work local file too.

We thought client will have settings, not repo(cloud) base rule.

[okkdev]

Super weird solution. What if my repo isn't on github?

[rupert-jung-mw]

Don't even have this setting available.

[jakemayfield]

I'm convinced that GitHub has no intention of making this feature available to individual, paying subscribers. I think I'll cancel and consider alternatives in its place until GitHub comes around. This stinks, plain and simple.

[okineadev]

Good afternoon, I suggest using the name .aiexclude instead of .copilotignore so that this file is suitable for everyone, both Gemini in Android Studio and GitHub Copilot

Link to .aiexclude file documentation - https://developer.android.com/studio/preview/gemini/aiexclude

[asheroto]

Thanks for that info. I can see that it's viable for Android Studio, but I'm having trouble finding the documentation that explains how GitHub Copilot honors it as well. Do you have that link?

[okineadev]

Thanks for that info. I can see that it's viable for Android Studio, but I'm having trouble finding the documentation that explains how GitHub Copilot honors it as well. Do you have that link?

There is no such link, I came up with the initiative myself, I hope GitHub will see this and notice it, because it is really necessary to control which resources the AI can see and which cannot, because even accidentally confidential files can get into its training

[asheroto]

Ah I see what you're saying now. Indeed, that would be a good filename choice.

[wesleyboar]

Excellent! One suggestion at a time if we must. I will help.

[ruzzzz6312]

My API key leaked, long story short, full system is in a very controllable and closed environment no public repos, .env added to .gitignore, my only thought it leaked via Copilot as a suggestion to someone else in their IDE.

Disabled it completely. Very very uncool that as an individual I can't disable certain files from copilot access.

[asheroto]

Right? This very thing scares me!

[ruzzzz6312]

disabled copilot

[arun98aol]

This fixed it for me

Go to Settings => search "github.copilot.enable" => Add an entry {"key": "properties", "value": "false"}

[asheroto]

That's disabling for specific languages, but not for specific files.

functions.php <-- might be okay to read
secrets.php <-- not okay to read

[arun98aol]

Yeah, here's a short-term workaround for specific files. Caveat: these files lose language recognition (shouldn't be a huge problem for key/secrets? I may be biased). Thoughts?
Step 1: Associate certain group of files I want to exclude to a custom language. Add {"{.env,*.key,secrets.php}": "secret"}

Step 2: search github.copilot.enable => Add an entry {"secret": "false"}

IMHO: Copilot should support this file exclusion more directly. Hope that happens soon!

[wesleyboar]

Warning

After doing this, Copilot can still read file and its content. I asked why it could, given my settings.

GitHub Copilot
Yes, I can still access the file secrets.py and provide assistance with it. The setting "github.copilot.enable": { "secret": false } only disables GitHub Copilot's code suggestions and completions for files associated with the "secret" language mode. It does not prevent me from accessing or viewing the file content.

Screenshots

ai thinks it can access file	ai can read file content

Details

I closed and re-opened the workspace while removing and adding settings.

Chat 1

• me:

  #file:secrets.py Can you read this file?

• ai:

  Yes, I can read the file /* secrets.py. How can I assist you with it?

Chat 1 (continued)

• me:

  Show me the first three lines from #file:secrets.py

• ai:

  ########################
  # DJANGO
  ########################
  

settings.py

    "files.associations": {
        // ...
        "{secrets.py}": "secret"
    },
    "github.copilot.enable": {
        "secret": false
    },

secrets.py

########################
# DJANGO
########################

…

[QuadrupleA]

That Copilot gives individual users no way to avoid sending DB credentials, API keys, and other sensitive data to their all-seeing AI models, just by opening their IDE, is abusive and borderline criminal.

Let us exclude a file or two!

[wesleyboar]

Cursor had a similar request. It seems to have just been achieved with v0.46.x via .cursorignore improvement & .cursorindexingignore feature.

[abradaric]

wow, I can't believe this is locked behind business/enterprise plans. no one should leak secrets and api keys, free, pro, and everyone else!!!

[tiropictor]

Dammit. Was shocked to see my ENV data in Copilot replies recently. Guys, seriously, this is HUGE HOLE in security. API key, secrets - EVERYTHING is just leaking back and forth to goddamn FOUR EXTERNAL llm-models. Seriously? I've never added .env to git. I've put in to .gitignore, I've added it to .copilotingore, I've done ALL that is possible, but still - silicon brain watches me.

User MUST have a possibility to RULE what ai is allowed to see and what is not. Otherwise it's just like walking the street without pants.

[tiropictor]

ok, so here is quick workaround/solution for my node.js project:

TL:DR: I've moved .env out of scope of project directory.

was: /Home/User/My-project/.env
became: /Home/User/.my-node-project-env

AND added
dotenv.config({ path: '/Home/User/.my-node-project-env' });
instead of
dotenv.config();
in entry point (/server.js or /index.js whatever you use).

So, before deploying to test/prod server now I shall now NOT TO FORGET remove that path to custom .my-node-project-env file again, but at least now Copilot is not reading my secrets and other sensitive data.

Seems like Copilot (at least for now) is limited by scope of your project files, which can be used to keep your sensitive data safe.

[sizhky]

simple and elegant!