Lesson 1295 of 1596
AI Tools: Keep Secrets Out of Prompts, Logs, and Vendor Telemetry
Configure your AI tools so they never read .env files, never log API keys, and never send credentials to a vendor's training-data path.
Creators · Tools Literacy · ~6 min read
The premise
AI tools are vacuum cleaners for context; without explicit settings they will read .env, paste secrets into prompts, and log them where you cannot redact.
What AI does well here
- Add .env and credential paths to ignore lists
- Disable telemetry where the policy requires
- Use vendor-side keys-do-not-train settings
- Rotate any key that has ever been pasted into a prompt
What AI cannot do
- Delete data already sent to a vendor
- Replace secret-scanning tools
- Make any vendor's policy contractually binding for you
Key terms in this lesson
End-of-lesson quiz
Check what stuck
10 questions · Score saves to your progress.
Tutor
Curious about “AI Tools: Keep Secrets Out of Prompts, Logs, and Vendor Telemetry”?
Ask anything about this lesson. I’ll answer using just what you’re reading — short, friendly, grounded.
Progress saved locally in this browser. Sign in to sync across devices.
Related lessons
Keep going
Creators · 45 min
Structured Outputs: Make the Model Return Data You Can Trust
For production apps, pretty prose is often the wrong output. Learn when to use structured outputs, function calling, and schema validation.
Creators · 9 min
Pro Search vs Default: When To Spend The Compute
Pro Search runs more queries, reads more pages, and routes to a stronger model. It is not always worth the wait — knowing when it is is the skill.
Creators · 10 min
Perplexity For Academic Research: Strengths And Limits
Perplexity is fast at literature scoping and slow at literature reviewing. Knowing where the line falls saves graduate students from rookie mistakes.