Vault Radar extension for VS Code

Note: This extension is currently in BETA. Please try it out and give us feedback!

This Visual Studio Code extension uses Vault Radar CLI to highlight secrets detected and help with the remediation.

Features

• Real-time Secret Detection: Get immediate feedback on hardcoded secrets.
• Intelligent Highlighting: Easily identify secrets with clear severity indicators for quick assessment.
• Detailed Secret Information: Hover or click on detected secrets to view crucial details like secret type, severity, and activeness.
• Actionable Remediation: Connect to a Hashicorp Vault instance to correlate known risks or copy discovered secrets.

Available Commands

• Vault Radar: Scan content in active editor - Scan the currently active file
• Vault Radar: Scan entire workspace - Scan all files in the workspace with a progress indicator
• Vault Radar: Set License Key - Configure your Vault Radar license key
• Vault Radar: Clear License Key - Remove the configured license key
• Vault Radar: Set License File - Configure a license file path
• Vault Radar: Clear License File - Remove the configured license file path
• Vault Radar: Index Vault - Index KV v2 secrets in a connected Vault server

Installation steps

• Acquire a Vault Radar license
• Set up your Vault Radar License with one of the following commands:
  • Vault Radar: Set License File command to configure your license file
  • Vault Radar: Set License Key command to configure your license key

Telemetry

We collect telemetry and send it to Azure Application Insights if the connection string is provided either in package.json appInsightsKey or the telemetry section of config.json. For setting up Azure Application Insights, see here.

Telemetry we collect

• startup time (essentially how long the activation function takes)
• scan time
• (upcoming) number of risks discovered and remediated, along with various metadata