Configuration

Customize nokey.ai to fit your workflow and security requirements

Configuration File

nokey can be configured using a .nokey.yaml file in your project root or a global configuration at ~/.config/nokey/config.yaml.

Project-specific configurations take precedence over global settings.

Creating a Configuration

Initialize a new configuration file in your project:

nokey init

This creates a .nokey.yaml file with sensible defaults.

Configuration Options

protected_patterns

Define file patterns that should be protected from AI access.

protected_patterns:
  - "**/.env"
  - "**/.env.*"
  - "**/secrets.yaml"
  - "**/credentials.json"
  - "**/*_key.pem"
  - "**/*.key"
  - "~/.ssh/**"
  - "~/.aws/credentials"

Patterns use glob syntax. Double asterisk (**) matches any directory depth.

ignored_patterns

Define file patterns that nokey ignores completely. AI access to matching files is always allowed.

ignored_patterns:
  - "**/.git/**"
  - "**/node_modules/**"
  - "**/dist/**"
  - "**/build/**"
  - "**/__pycache__/**"

notifications

Configure how nokey notifies you about AI access attempts.

notifications:
  enabled: true
  on_deny: true        # Notify when AI access is denied
  on_allow: false      # Notify when AI access is allowed
  method: "desktop"    # Options: desktop, terminal, both

audit_log

Configure audit logging behavior.

audit_log:
  enabled: true
  path: "~/.config/nokey/audit.log"
  max_size_mb: 100
  retention_days: 90
  format: "json"       # Options: json, text

default_action

The action nokey takes when an AI assistant requests a file that doesn't match any rule.

default_action: "allow"  # Options: allow, deny, prompt

  • allow - Allow access by default (recommended for most users)
  • deny - Deny access by default (maximum security)
  • prompt - Ask for permission each time

ai_assistants

Configure behavior for specific AI coding assistants.

ai_assistants:
  claude_code:
    enabled: true
    trust_level: "high"    # Options: high, medium, low
  cursor:
    enabled: true
    trust_level: "medium"
  github_copilot:
    enabled: true
    trust_level: "medium"

Trust levels affect how aggressively nokey protects your secrets.

Example Configuration

Here's a complete example configuration file:

# .nokey.yaml
version: "1.0"

protected_patterns:
  - "**/.env"
  - "**/.env.*"
  - "**/secrets.yaml"
  - "**/credentials.json"
  - "**/*.pem"
  - "~/.ssh/**"

ignored_patterns:
  - "**/.git/**"
  - "**/node_modules/**"

notifications:
  enabled: true
  on_deny: true
  on_allow: false
  method: "desktop"

audit_log:
  enabled: true
  path: "~/.config/nokey/audit.log"
  retention_days: 90

default_action: "allow"

ai_assistants:
  claude_code:
    enabled: true
    trust_level: "high"
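
With default_action set to "allow", any secret file that no protected pattern matches stays readable. The following Python check is an added example, not part of nokey: it tests the example file's protected_patterns against a constructed list of credential paths and reports the ones that fall through. The glob semantics (** crosses directories, * and ? stay within one path segment), the home directory and the sample paths are assumptions.

```python
import re

# protected_patterns and default_action copied from the example .nokey.yaml above.
PROTECTED_PATTERNS = ["**/.env", "**/.env.*", "**/secrets.yaml",
                      "**/credentials.json", "**/*.pem", "~/.ssh/**"]
DEFAULT_ACTION = "allow"
HOME = "/home/dev"  # constructed home directory used to expand "~"

# Assumed glob semantics; nokey's own matcher may differ in edge cases.
TOKENS = re.compile(r"\*\*/|\*\*|\*|\?|[^*?]+")
GLOB_TO_RE = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}


def glob_to_regex(pattern, home=HOME):
    """Translate one glob pattern into an anchored regular expression."""
    if pattern.startswith("~/"):
        pattern = home + pattern[1:]
    parts = [GLOB_TO_RE.get(t, re.escape(t)) for t in TOKENS.findall(pattern)]
    return re.compile("".join(parts) + r"\Z")


def effective_action(path, patterns=PROTECTED_PATTERNS, default=DEFAULT_ACTION):
    """Return 'protected' if any pattern matches, else the default action."""
    if any(glob_to_regex(p).match(path) for p in patterns):
        return "protected"
    return default


def coverage_gaps(paths, patterns=PROTECTED_PATTERNS):
    """Secret-bearing paths that no protected pattern matches."""
    return [p for p in paths if effective_action(p, patterns) != "protected"]


# Constructed sample paths; every one of them holds credentials.
SAMPLE_SECRETS = [
    "/home/dev/app/.env",
    "/home/dev/app/services/api/.env.production",
    "/home/dev/app/certs/server.pem",
    "/home/dev/.ssh/id_ed25519",
    "/home/dev/app/certs/tls.key",
    "/home/dev/.aws/credentials",
]

if __name__ == "__main__":
    for gap in coverage_gaps(SAMPLE_SECRETS):
        print(f"{gap}: no pattern matches, default_action={DEFAULT_ACTION!r} applies")
```

The two reported paths are covered by "**/*.key" and "~/.aws/credentials" in the protected_patterns option list earlier on this page; neither pattern appears in the example file.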

Environment Variables

You can also configure nokey using environment variables:

  • NOKEY_CONFIG_PATH - Custom path to configuration file
  • NOKEY_LOG_LEVEL - Logging verbosity (debug, info, warn, error)
  • NOKEY_DISABLE - Temporarily disable nokey (set to "true")

Managing Configuration

View current configuration

nokey config show

Reset to defaults

nokey config reset

Validate configuration

nokey config validate

Best Practices

  • Start with the default configuration and adjust as needed
  • Use project-specific configs for team collaboration
  • Commit .nokey.yaml to version control
  • Never disable audit logging in production environments
  • Review audit logs regularly to understand AI access patterns