SafeRelay DevSec for VS Code
A SafeRelay.ai product
100% Local. Zero-Knowledge. Your secrets never leave your machine.
SafeRelay DevSec is a VS Code extension that redacts secrets, PII, and sensitive data from your files and AI prompts — entirely on your machine, with no network calls, no telemetry, and no cloud processing of any kind.
The Trust Question — Answered Up Front
Every DLP tool that touches your secrets has to answer one question:
Where does the data go when you restore a tokenized file back to its real values?
SafeRelay DevSec's answer: nowhere.
The mapping between [OPENAI_KEY_1] and sk-proj-abc123... lives in RAM only — inside your VS Code process — for the duration of your session. It is never written to disk, never sent to a server, never stored in VS Code's globalState or workspaceState, and never logged. When VS Code closes, the vault is gone.
This is what zero-knowledge actually means in practice. SafeRelay's servers, if they ever exist in your workflow, will only ever see encrypted ciphertext — never your plaintext secrets.
What It Does
- Sanitize a file (YAML, JSON, env, logs, config, code) → SafeRelay scans it locally, replaces secrets with typed placeholders (
[OPENAI_KEY_1], [IP_1], [AWS_SECRET_1]), and writes a .redacted copy alongside the original.
- Share the redacted file freely — to an AI, a colleague, a Slack thread, a GitHub issue. It contains no real secrets.
- Restore the AI's response (or the file) → SafeRelay swaps every placeholder back with the original value from the in-memory vault. The full round-trip happens without your secrets ever appearing in chat, logs, or a third-party system.
Commands
| Command |
Shortcut |
What it does |
SafeRelay: Quick Menu |
Click status bar |
Action menu for all commands |
SafeRelay: Sanitize File |
Ctrl+Shift+Alt+S |
Redact file → .redacted.ext + diff view |
SafeRelay: Copy Selection for AI |
Ctrl+Shift+Alt+C |
Redact selected text → clipboard |
SafeRelay: Restore Clipboard |
Ctrl+Shift+Alt+R |
De-tokenize clipboard with vault values |
SafeRelay: Restore File |
Right-click |
De-tokenize file → .restored.ext |
SafeRelay: Configure Shields |
Ctrl+Shift+Alt+G |
Toggle pattern groups via quick-pick |
SafeRelay: Clear Vault |
Quick Menu |
Wipe in-memory vault immediately |
All commands are also accessible via Ctrl+Shift+P → type "SafeRelay".
The Sanitize → AI → Restore Workflow
config.yaml → [Sanitize File] → config.redacted.yaml
↓
Send to AI / colleague / Slack
↓
AI edits it, returns modified version
↓
[Restore File] → config.restored.yaml ← real values back
Example — before sanitize:
api_key: sk-proj-abc123def456ghi7890jklmnopqrstuvwxyz
db_host: 192.168.1.100
DB_URL=postgres://admin:s3cr3t@10.0.0.5:5432/prod
token: ghp_ABCdef1234567890xyzABCdef123456789012
After sanitize (config.redacted.yaml):
api_key: [OPENAI_KEY_1]
db_host: [IP_1]
DB_URL=[ENV_VALUE_1]
token: [GITHUB_PAT_1]
After restore — original values are back exactly as they were.
What Gets Redacted
Free — DevSec Shield
| Pattern |
Example match |
| OpenAI API keys |
sk-proj-abc... |
| OpenAI legacy keys |
sk-abc... (non-proj/ant) |
| Anthropic keys |
sk-ant-abc... |
| AWS Access Key ID |
AKIAIOSFODNN7EXAMPLE |
| AWS STS temporary key |
ASIAIOSFODNN7EXAMPLE |
| AWS Secret Access Key |
SecretAccessKey=abc... |
| GitHub classic PAT |
ghp_abc... |
| GitHub fine-grained PAT |
github_pat_abc... |
| GitHub OAuth token |
gho_abc... |
| Slack token |
xoxb-abc... |
| Stripe secret key |
sk_live_abc... / sk_test_abc... |
| Stripe public key |
pk_live_abc... / pk_test_abc... |
| Bearer tokens |
Bearer eyJhb... |
| Docker PAT |
dckr_pat_abc... |
| NPM token |
npm_abc... |
| Twilio key |
SKabc... |
| SendGrid key |
SG.abc.def |
| Gemini / GCP key |
AIzaSy... |
| PEM private key header |
-----BEGIN PRIVATE KEY----- |
| IPv4 addresses |
192.168.1.100, 10.0.0.5 |
| BTC addresses |
Legacy, P2SH, Bech32 |
| ETH addresses |
0x... (40 hex) |
| Crypto WIF keys |
5abc..., Kabc..., Labc... |
| Seed phrases |
12-word and 24-word BIP39 |
| ENV variable values |
DATABASE_URL=postgres://... |
Pro — Additional Shields
| Shield |
Covers |
| FinTech |
Credit cards (Luhn), US SSN, EU IBAN, Email, UK NINO, NG BVN/NIN/Bank/Phone, CA SIN, IN Aadhaar/PAN, ZA ID, AU TFN, BR CPF, SG NRIC, DE Tax ID, US Green Card |
| Corporate |
DUNS, EIN, EU VAT (27 countries) |
| Civic / Mission |
GPS coordinates, UNHCR registration IDs, donor/beneficiary IDs |
| Pro Tier Patterns |
MAC addresses, ETH private keys (0x 64-hex), Solana addresses, 64-hex crypto keys (context-aware — excludes SHA-256 checksums) |
Status Bar
The $(shield) SafeRelay item shows on the right of the status bar.
- No vault entries:
$(shield) SafeRelay
- Vault active:
$(shield) SafeRelay (4) — 4 secrets stored in RAM
- Click → Quick Menu with all actions
Settings
| Setting |
Type |
Default |
Description |
saferelayDevsec.enabled |
boolean |
false |
Master switch — must be ON |
saferelayDevsec.licenseKey |
string |
"" |
Pro license key from SafeRelay.ai |
saferelayDevsec.devsecShield |
boolean |
true |
FREE: DevSec pattern group |
saferelayDevsec.fintechShield |
boolean |
false |
PRO: FinTech PII group |
saferelayDevsec.corporateShield |
boolean |
false |
PRO: Corporate ID group |
saferelayDevsec.civicShield |
boolean |
false |
PRO: Civic/Mission group |
saferelayDevsec.proTier |
boolean |
false |
PRO: Pro-only patterns |
saferelayDevsec.auditMetadataOnly |
boolean |
true |
Audit log: metadata only, never content |
Configure shields interactively via Ctrl+Shift+Alt+G → Configure Shields — no need to edit JSON.
Security & Privacy Posture
| Claim |
Reality |
| No network calls |
The extension makes zero outbound connections of any kind |
| No telemetry |
No usage data, no error reporting, no pings |
| No secrets persisted |
Original values are RAM-only in the SafeVault for the VS Code session lifetime |
| No clipboard reads |
Only clipboard.writeText is used — the extension never reads your clipboard except for explicit Restore Clipboard commands |
| Audit log = metadata only |
Timestamps, file names, match counts, threat categories. Never secret content. |
| No automatic scanning |
Every action requires explicit user initiation |
| Vault cleared on exit |
deactivate() calls safeVault.clear() — no vault residue |
Why RAM-only is acceptable
The threat model for an in-memory vault is identical to having the file open in your editor — an attacker who can dump your VS Code process memory already has access to the file on disk. RAM-only means no persistence risk: no stolen laptop scenario, no log exfiltration, no cloud breach.
Roadmap
| Phase |
Status |
Description |
| Phase 2 |
✅ Done |
Scaffold: commands + status bar |
| Phase 3 |
✅ Done |
DLP engine: Copy Selection for AI |
| Phase 4 |
✅ Done |
Sanitize File + diff view |
| Phase 5 |
✅ Done |
Vault + Restore Clipboard / Restore File |
| Phase 6 |
✅ Done |
Configure Shields quick-pick, action menu, audit log, keybindings, Pro paywall |
| Phase 7 |
Planned |
Team Vault — E2E encrypted, zero-knowledge vault sync for teams. Senior devs sanitize; junior devs restore. Secrets encrypted client-side before leaving the machine. $10–$15/user/month. |
| Phase 8 |
Planned |
SafeRelay CLI / GitHub Action — wrap the DLP engine as a command-line tool and CI/CD action. Automatically sanitize logs before they ship to Datadog, Splunk, or Sentry. |
| Phase 9 |
Planned |
SafeRelay Desktop bridge — opt-in local service for license validation and Team Vault sync |
| Phase 10 |
Planned |
VS Code Marketplace release |
Team Vault — How it will work (zero-knowledge)
Senior Dev machine:
sanitizeFile() → vault entries encrypted with team key (client-side)
→ encrypted blob synced to SafeRelay.ai servers
→ server sees: { "abc123": "<ciphertext>" } ← never plaintext
Junior Dev machine:
receives redacted file via Slack
→ extension fetches encrypted blob
→ decrypts locally with team key
→ restoreFile() works exactly as today
SafeRelay's servers handle routing and storage of encrypted blobs only. They cannot decrypt vault entries. This is the 1Password / Bitwarden architecture.
Manual Test
npm install
npm run compile
- Open this folder in VS Code → press F5 → Extension Development Host opens
Ctrl+, → search "saferelay" → set enabled to true
- Create a test file with:
api_key: sk-proj-abc123def456ghi7890jklmnopqrstuvwxyz
db_host: 192.168.1.100
DB_URL=postgres://user:password@10.0.0.5:5432/prod
token: ghp_ABCdef1234567890xyzABCdef123456789012
- Right-click the file → SafeRelay: Sanitize File → click View Diff
- Confirm secrets are replaced. Status bar shows
$(shield) SafeRelay (4)
- Copy the contents of the
.redacted file
- Run SafeRelay: Restore Clipboard → paste → original values are back
- Right-click the
.redacted file → SafeRelay: Restore File → .restored file matches original
About SafeRelay.ai
SafeRelay DevSec is built by SafeRelay.ai — privacy-first security tooling for developers, DevOps, and enterprise teams.
License: UNLICENSED — Private. Not for redistribution.