docs(extensions): clarify env var sanitization policy for MCP and ext… (#22854)

Co-authored-by: Jack Wotherspoon <jackwoth@google.com> Co-authored-by: Jenna Inouye <jinouye@google.com>
2026-06-01 19:03:42 +00:00 · 2026-05-14 14:23:38 -07:00
parent 2151653133
commit 0c0d88d90b
3 changed files with 47 additions and 3 deletions
--- a/docs/extensions/reference.md
+++ b/docs/extensions/reference.md
@@ -210,6 +210,22 @@ To update an extension's settings:
 gemini extensions config <name> [setting] [--scope <scope>]
 ```

+#### Environment variable sanitization
+
+For security reasons, sensitive environment variables are filtered out and not
+passed to extensions or MCP servers by default.
+
+Extensions **will not** inherit the user's full shell environment variables.
+They will only have access to:
+
+1. Standard safe variables (e.g., `HOME`, `PATH`, `TMPDIR`).
+2. Variables explicitly declared and requested in the `gemini-extension.json`
+   manifest via the `settings` array (using the `envVar` property).
+
+If your extension requires specific environment variables (like an API key,
+custom host, or config path), you **must** declare them in the `settings` array
+so the CLI can allowlist them for use within the extension.
+
 ### Custom commands

 Provide [custom commands](../cli/custom-commands.md) by placing TOML files in a