LeakLens 🔍
Find exposed API keys before hackers do — right inside VS Code.
LeakLens scans your code in real-time for hardcoded secrets and API keys, highlights them inline, blocks commits via a Git hook, and keeps a live sidebar panel of all detected leaks.
Features
🚨 Inline Highlights
As you type, LeakLens underlines detected secrets with color-coded warnings:
- 🔴 Critical — Anthropic, OpenAI, Google, AWS keys
- 🟠 High — GitHub tokens
- 🟡 Medium — Generic hardcoded passwords/secrets
Hover over any highlight to see details and a direct link to revoke the key.
🛡️ Pre-commit Git Hook
Run the LeakLens: Install Pre-commit Git Hook command to block any commit that contains a detected secret. The hook scans only staged files and prints exactly which file and provider were detected.
A dedicated activity bar panel shows all detected secrets across your workspace, grouped by file. Click any item to jump directly to the offending line.
📁 Auto .gitignore
Run the LeakLens: Add .env to .gitignore command to automatically append .env, *.pem, *.key, secrets.json, and other sensitive file patterns to your .gitignore.
🔍 Full Workspace Scan
Run the LeakLens: Scan Entire Workspace command to scan all source files at once and get a full report.
Supported Providers
| Provider | Pattern |
| --- | --- |
| Anthropic | sk-ant-api* |
| OpenAI | sk-proj-*, sk-or-v1-*, sk-* |
| Google AI | AIzaSy* |
| AWS | AKIA*, aws_secret_access_key |
| GitHub | ghp_*, gho_*, ghs_*, ghu_* |
| Generic | api_key = "...", secret = "..." |
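A sketch of prefix-based detection over staged file contents, combining the provider table above with the severity tiers from the Features section. It is an added illustration, not LeakLens source code; the regular expressions, key lengths, and the names `RULES`, `scanText`, `checkStaged` and `SAMPLE` are assumptions.

```javascript
// Added illustration, not LeakLens source. Regexes are assumptions that
// approximate the table's prefixes; order matters (specific before broad sk-*).
const RULES = [
  { provider: 'Anthropic', severity: 'critical', re: /\bsk-ant-api[A-Za-z0-9_-]{8,}/g },
  { provider: 'OpenAI',    severity: 'critical', re: /\bsk-(?:proj-|or-v1-)?[A-Za-z0-9_-]{16,}/g },
  { provider: 'Google AI', severity: 'critical', re: /\bAIzaSy[A-Za-z0-9_-]{33}/g },
  { provider: 'AWS',       severity: 'critical', re: /\bAKIA[0-9A-Z]{16}\b/g },
  { provider: 'AWS',       severity: 'critical', re: /aws_secret_access_key\s*[:=]\s*\S+/gi },
  { provider: 'GitHub',    severity: 'high',     re: /\bgh[posu]_[A-Za-z0-9]{36}/g },
  { provider: 'Generic',   severity: 'medium',   re: /(?:api_key|secret|password)\s*[:=]\s*["'][^"']{4,}["']/gi },
];

// Scan one file's text. Findings carry file, line, provider and severity,
// never the matched value, so a report cannot re-leak the secret.
function scanText(text, file = '<stdin>') {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    let work = raw;
    for (const { provider, severity, re } of RULES) {
      const hits = work.match(re);
      if (!hits) continue;
      hits.forEach(() => findings.push({ file, line: i + 1, provider, severity }));
      work = work.replace(re, ''); // drop the match so broader rules skip it
    }
  });
  return findings;
}

// Pre-commit decision over a { path: stagedContent } map. A real hook would
// fill the map from `git diff --cached --name-only` and `git show :<path>`.
function checkStaged(staged) {
  const findings = Object.entries(staged).flatMap(([f, t]) => scanText(t, f));
  return { blocked: findings.length > 0, findings };
}

// Constructed sample input; every key-shaped value is a synthetic filler string.
const SAMPLE = {
  'src/config.js': [
    `const openai = "sk-proj-${'x'.repeat(24)}";`,
    `const aws = "${'AKIA' + 'X'.repeat(16)}";`,
    `const task = "task-management-service-name";`, // must not match sk-*
  ].join('\n'),
  'deploy.sh': `export GH_TOKEN=ghp_${'a'.repeat(36)}\npassword = "hunter2-example"`,
  'README.md': 'Set OPENAI_API_KEY in your .env file.',
};

for (const f of checkStaged(SAMPLE).findings)
  console.log(`${f.file}:${f.line} [${f.severity}] ${f.provider}`);
```

The leading `\b` keeps the broad `sk-*` rule from firing inside ordinary words such as `task-...`, and removing each match before trying later rules stops one key from being reported twice.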
Commands
| Command | Description |
| --- | --- |
| LeakLens: Scan Entire Workspace | Scan all files in the project |
| LeakLens: Install Pre-commit Git Hook | Block commits with secrets |
| LeakLens: Add .env to .gitignore | Protect sensitive files |
Settings
| Setting | Default | Description |
| --- | --- | --- |
| leaklens.enableOnSave | true | Scan on every file save |
| leaklens.enableInlineHighlights | true | Show inline decorations |
| leaklens.excludePatterns | [node_modules, dist...] | Glob patterns to skip |
Best Practices
- Never hardcode secrets — always use .env files
- Add .env to .gitignore before your first commit
- Install the Git hook on every new project
- Rotate any key that LeakLens flags immediately
Made with ❤️ for developer security awareness.