windsurf-security-basics

Solid

Apply Windsurf security best practices for workspace isolation, data privacy, and secret protection. Use when securing sensitive code from AI indexing, configuring telemetry, or auditing Windsurf security posture. Trigger with phrases like "windsurf security", "windsurf secrets", "windsurf privacy", "windsurf data protection", "codeiumignore".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Windsurf Security Basics ## Overview Security best practices for Windsurf AI IDE: controlling what code Cascade can see, preventing secrets from leaking into AI context, managing telemetry, and configuring workspace isolation for regulated environments. ## Prerequisites - Windsurf installed - Understanding of Codeium's data processing model - Repository with identified sensitive files ## Instructions ### Step 1: Exclude Secrets from AI Indexing Create `.codeiumignore` at project root (gitignore syntax): ```gitignore # .codeiumignore — files Codeium/Windsurf will NEVER index or read # Secrets and credentials .env .env.* .env.local credentials.json serviceAccountKey.json *.pem *.key *.p12 *.pfx # Cloud provider configs .aws/ .gcloud/ .azure/ # Infrastructure secrets terraform.tfstate terraform.tfstate.backup *.tfvars vault-config.* # Customer data data/customers/ exports/ backups/ *.sql.gz ``` **Default exclusions (automatic):** Files in `.gitignore`, `node_modules/`, hidden directories (`.` prefix). **Enterprise:** Place a global `.codeiumignore` at `~/.codeium/` for org-wide exclusions. ### Step 2: Disable Telemetry (If Required) ```json // Windsurf Settings (settings.json) { "codeium.enableTelemetry": false, "codeium.enableSnippetTelemetry": false, "telemetry.telemetryLevel": "off" } ``` ### Step 3: Configure AI Autocomplete Exclusions Disable Supercomplete for file types that commonly contain secrets: ```json { "codeium.autocomplete.languages": { ...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI Terraform · Infrastructure

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

windsurf-data-handling

Control what code and data Windsurf AI can access and process in your workspace. Use when handling sensitive data, implementing data exclusion patterns, or ensuring compliance with privacy regulations in Windsurf environments. Trigger with phrases like "windsurf data privacy", "windsurf PII", "windsurf GDPR", "windsurf compliance", "codeium data", "windsurf telemetry".

2,266 Updated today
jeremylongshore
AI & Automation Solid

windsurf-install-auth

Install Windsurf IDE and configure Codeium authentication. Use when setting up Windsurf for the first time, logging in to Codeium, or configuring API keys for team/enterprise deployments. Trigger with phrases like "install windsurf", "setup windsurf", "windsurf auth", "codeium login", "windsurf API key".

2,266 Updated today
jeremylongshore
AI & Automation Solid

windsurf-policy-guardrails

Implement team-wide Windsurf usage policies, code quality gates, and Cascade guardrails. Use when setting up code review policies for AI-generated code, configuring Turbo mode safety controls, or implementing CI gates for Cascade output. Trigger with phrases like "windsurf policy", "windsurf guardrails", "cascade safety rules", "windsurf team rules", "AI code policy".

2,266 Updated today
jeremylongshore
AI & Automation Solid

windsurf-performance-tuning

Optimize Windsurf IDE performance: indexing speed, Cascade responsiveness, and memory usage. Use when Windsurf is slow, indexing takes too long, Cascade times out, or the IDE uses too much memory. Trigger with phrases like "windsurf slow", "windsurf performance", "optimize windsurf", "windsurf memory", "cascade slow", "indexing slow".

2,266 Updated today
jeremylongshore
AI & Automation Solid

windsurf-code-privacy

Configure code privacy and data retention policies. Activate when users mention "code privacy", "data retention", "privacy settings", "data governance", or "gdpr compliance". Handles privacy and data protection configuration. Use when working with windsurf code privacy functionality. Trigger with phrases like "windsurf code privacy", "windsurf privacy", "windsurf".

2,266 Updated today
jeremylongshore