Sieve – scans Cursor/Claude chat history for leaked API keys (apps.apple.com)
13 points by helpful_human 5 hours ago | hide | past | favorite | 1 comment
Background: I was using Cursor to set up an OpenAI integration. The agent read my .env file, added the key to the config, and everything worked. What I didn't think about: that key was now sitting in a plaintext SQLite database at ~/Library/Application Support/Cursor/User/workspaceStorage/..

AI coding tools (Cursor, Claude Code, Copilot, Cline) routinely read .env files as part of normal operation. Every secret they touch gets embedded in their local transcript/state files — unencrypted, outside .gitignore, persisted indefinitely.

Standard secret scanners (gitleaks, detect-secrets) scan git repos. Nobody scans AI transcript stores. That's the gap.

Sieve scans those files locally on your Mac. Flags exposed keys by severity. Redacts them in-place. Stores fingerprints in Keychain — never plaintext. Covers Cursor, Claude Code, Claude Desktop, Copilot, Cline, Roo Cline, Windsurf, Gemini CLI, and .env files.

Happy to answer questions about how the SQLite parsing works or the detection rules.
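A minimal version of that kind of scan, as an added example that is not Sieve's code: it walks every table and column of a SQLite state store, flags key-shaped strings by rule and severity, and can redact each hit in place. The rule set, the table shape and the sample key are assumptions constructed for the demo.

```python
import re
import sqlite3

# Detection rules: (rule, severity, regex). The prefixes are the public key
# formats; the rule set itself is an assumption for this example, not Sieve's.
RULES = [
    ("openai_api_key", "high", re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")),
    ("aws_access_key_id", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
]

def mask(secret):
    """Keep a 4-char prefix so a finding is recognisable, drop the rest."""
    return secret[:4] + "[REDACTED]"

def scan_text(text):
    """Return [(rule, severity, secret)] for every key-shaped string in text."""
    return [(r, s, m.group(0)) for r, s, rx in RULES for m in rx.finditer(text)]

def scan_sqlite(conn, redact=False):
    """Walk every rowid table/column of an open SQLite DB (e.g. an editor's
    workspaceStorage state DB); with redact=True, overwrite each hit in place.
    Returns [(table, rowid, column, rule, severity, masked_value)]."""
    findings = []
    for (table,) in conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall():
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for row in conn.execute(f'SELECT rowid, * FROM "{table}"').fetchall():
            rowid, cells = row[0], row[1:]
            for col, val in zip(cols, cells):
                is_blob = isinstance(val, bytes)
                text = val.decode("utf-8", "replace") if is_blob else val
                if not isinstance(text, str): continue  # ints, NULLs cannot hold a key
                hits = scan_text(text)
                findings += [(table, rowid, col, r, s, mask(k)) for r, s, k in hits]
                if redact and hits:
                    for _, _, k in hits:
                        text = text.replace(k, mask(k))
                    new = text.encode() if is_blob else text  # keep the column's type
                    conn.execute(f'UPDATE "{table}" SET "{col}"=? WHERE rowid=?', (new, rowid))
    if redact: conn.commit()
    return findings

def demo():
    """Constructed sample: a key/value table holding a transcript that quotes a fake key."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ItemTable (key TEXT, value BLOB)")
    fake = "sk-EXAMPLE0000000000000000000000"  # constructed placeholder, not a real key
    conn.execute("INSERT INTO ItemTable VALUES (?, ?)",
                 ("chat.history", f'{{"text":"export OPENAI_API_KEY={fake}"}}'.encode()))
    before = scan_sqlite(conn, redact=True)   # finds the key and redacts it
    after = scan_sqlite(conn)                  # nothing left after redaction
    return before, after
```

The same function runs against a copy of a real state file via `sqlite3.connect(path)`; redacting the live file while the editor is open is best avoided, since the editor may hold its own copy in memory and write it back.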

Great timing, I was just getting frustrated about this today. I've got a pyinfra secrets.py and another project with an .env for logins for grabbing and moving data. I use LLMs on both of them extensively (having an LLM set up all my Proxmox VMs and LXC containers and configure them without doing that yak shaving has been amazing.)

It would be nice to use something like SOPS[1] + age right from the start, so I don't feel like I need to go rotate all those keys.

It's one thing to have it stored locally on your own box, and another to have it off in the training data of a hugely-overvalued gigantic corporation that's going to do anything it can to survive in the coming years.

[1] https://github.com/getsops/sops
