Kiroignore

The .kiroignore file prevents Kiro from reading specific files in your workspace. Using familiar gitignore syntax, you define patterns for files that should remain private—credentials, secrets, or content you prefer to keep out of agent context.

Why use .kiroignore?

Security - Prevent Kiro from accessing files containing credentials, API keys, or other sensitive data
Privacy - Exclude confidential information from AI interactions
Compliance - Ensure Kiro doesn't access files that shouldn't be shared with external services
Focus - Keep Kiro's context relevant by excluding large files or build artifacts

Setting up workspace ignore

To exclude files in a specific project:

Create a .kiroignore file in your project root (or any subdirectory)
Add patterns for files you want to exclude:

bash

# Secrets and credentials
.env
.env.*
!.env.example
*.pem
*.key

# Private directories
secrets/
private/

Open Settings (Cmd+, on Mac or Ctrl+, on Windows/Linux)
Search for Agent Ignore Files (setting: kiroAgent.agentIgnoreFiles)
Add .kiroignore to the array

Kiro will now skip any files matching your patterns.

Setting options

The kiroAgent.agentIgnoreFiles setting accepts an array of filenames:

Use multiple ignore file types simultaneously: [".gitignore", ".kiroignore"]
Set to [] to disable workspace-level ignore files

Subdirectory ignore files

Like .gitignore, you can place .kiroignore files in subdirectories to override or extend patterns from parent directories. Patterns in subdirectory ignore files take precedence for files within that subdirectory.

Global ignore files

Kiro automatically honors global ignore files if they exist—no configuration needed:

~/.kiro/settings/kiroignore - Your global Kiro ignore patterns
Git's global ignore file (configured via core.excludesfile in your git config) - only applied in git repositories

Use global ignore files for patterns you want applied across all your projects.

Pattern syntax

.kiroignore uses standard gitignore syntax:

Pattern	Effect
`file.txt`	Ignore specific file
`*.log`	Ignore by extension
`folder/`	Ignore directory
`**/temp`	Ignore in any subdirectory
`!keep.txt`	Don't ignore (negation)

Examples

Protecting API keys and secrets

bash

# Environment files with credentials
.env
.env.local
.env.production

# Keep the template accessible
!.env.example

# Certificate and key files
*.pem
*.key
*.p12
credentials/

Excluding build artifacts and data files

bash

# Build outputs
dist/
build/
.next/

# Data files
*.sql
*.dump
data/exports/

Team compliance setup

bash

# Customer data directories
customer-data/
pii/

# Audit and compliance docs
compliance/internal/
audit-reports/

Best practices

Use comments to document why files are ignored—helpful for team members
Test patterns by asking Kiro to read an ignored file—it will indicate access is blocked
Review patterns periodically as your project structure evolves
Coordinate with your team on global patterns for consistent behavior across workspaces

Page updated: December 18, 2025

Multi-root workspaces

Specs

Why use .kiroignore?

Security - Prevent Kiro from accessing files containing credentials, API keys, or other sensitive data
Privacy - Exclude confidential information from AI interactions
Compliance - Ensure Kiro doesn't access files that shouldn't be shared with external services
Focus - Keep Kiro's context relevant by excluding large files or build artifacts

Setting up workspace ignore

To exclude files in a specific project:

Create a .kiroignore file in your project root (or any subdirectory)
Add patterns for files you want to exclude:

bash

# Secrets and credentials
.env
.env.*
!.env.example
*.pem
*.key

# Private directories
secrets/
private/

Open Settings (Cmd+, on Mac or Ctrl+, on Windows/Linux)
Search for Agent Ignore Files (setting: kiroAgent.agentIgnoreFiles)
Add .kiroignore to the array

Kiro will now skip any files matching your patterns.

Setting options

The kiroAgent.agentIgnoreFiles setting accepts an array of filenames:

Use multiple ignore file types simultaneously: [".gitignore", ".kiroignore"]
Set to [] to disable workspace-level ignore files

Subdirectory ignore files

Global ignore files

Kiro automatically honors global ignore files if they exist—no configuration needed:

~/.kiro/settings/kiroignore - Your global Kiro ignore patterns
Git's global ignore file (configured via core.excludesfile in your git config) - only applied in git repositories

Use global ignore files for patterns you want applied across all your projects.

Pattern syntax

.kiroignore uses standard gitignore syntax:

Pattern	Effect
`file.txt`	Ignore specific file
`*.log`	Ignore by extension
`folder/`	Ignore directory
`**/temp`	Ignore in any subdirectory
`!keep.txt`	Don't ignore (negation)

Examples

Protecting API keys and secrets

bash

# Environment files with credentials
.env
.env.local
.env.production

# Keep the template accessible
!.env.example

# Certificate and key files
*.pem
*.key
*.p12
credentials/

Excluding build artifacts and data files

bash

# Build outputs
dist/
build/
.next/

# Data files
*.sql
*.dump
data/exports/

Team compliance setup

bash

# Customer data directories
customer-data/
pii/

# Audit and compliance docs
compliance/internal/
audit-reports/

Best practices

Use comments to document why files are ignored—helpful for team members
Test patterns by asking Kiro to read an ignored file—it will indicate access is blocked
Review patterns periodically as your project structure evolves
Coordinate with your team on global patterns for consistent behavior across workspaces

Page updated: December 18, 2025

Multi-root workspaces

Specs