Jetbrain Copilot plugin Copilot token security

[githubmilind]

Select Topic Area

Question

Copilot Feature Area

JetBrains & Xcode

Body

JetBrains IDEs simplify the GitHub Copilot LLM jacking / model theft. It stores the Github Copilot token in plain text in the $HOME directory.

Can you encrypt the token so that it will become difficult to read.

[iyawnnn]

GitHub Copilot tokens are managed by the JetBrains IDE plugin, and currently, they are stored locally to authenticate your session. While it’s understandable to be concerned about plain-text storage, you shouldn’t manually modify or encrypt the token files — this could break the plugin’s ability to connect to GitHub.

To improve security:

1. Limit local access – Make sure your system user account and home directory permissions are restricted so no other users can access your files.
2. Use OS-level encryption – Enable full-disk encryption (e.g., BitLocker on Windows or FileVault on macOS).
3. Keep your IDE updated – JetBrains and GitHub frequently release updates that include security improvements.

If you want stronger protection, you can also open a feature request with JetBrains to support encrypted storage for Copilot tokens.