How to stop AI coding agents from reading your `.env` secrets

I was working in Claude Code when it opened my .env to "understand the configuration" — and then, helpfully, suggested I rotate the keys, since they were now exposed. The thing that exposed them was t