A lightweight, secure, and highly advanced VS Code extension designed for developers to manage, validate, and securely insert API keys, secret tokens, and payment gateway credentials locally without leaking them into source code.
🔥 Key Features
Local & Secure Storage: Uses VS Code's native SecretStorage API to encrypt and securely store credentials locally on your machine.
🚨 Real-time Leak Prevention (New): Actively scans your open code files. If you accidentally paste or hardcode an OpenAI key (sk-...) or general production credentials, it triggers an instant warning notification to stop source code leaks before your next Git push.
⚡ Live API Health Check (New): Validate your stored keys directly from the sidebar. Features live network ping validation for OpenAI keys to check if they are active and valid.
Categorized Vault: Organize your keys neatly under AI APIs, Payment Gateways, REST APIs, and Other Credentials.
Smart Dual Key Mode: Effortlessly store dual credentials (e.g., PayHere Merchant ID + Secret, or AWS Client ID + Secret).
Granular Component Insertion: Insert your saved keys directly into the active text editor at your cursor position with a single click.
Modern Sidebar UI: Sleek, scannable user interface natively styled to match your VS Code theme with live status indicators.
🚀 How to Use
1. Adding & Validating Credentials
Open the Credential Manager view from the VS Code Activity Bar (🔑 icon).
Enter a unique name for your credential (e.g., PayHere_Live or OpenAI_Prod).
Select the appropriate Category and check Dual Key Mode if required.
Click Save Securely.
Click the Check button on any stored key to run a live health check. The status dot will turn Green (Valid), Red (Invalid), or Blue (Active Local).
2. Leak Prevention in Action
Simply write or edit your code. If the extension detects an exposed pattern like sk-abc123... or api_key = "...", a VS Code native warning will pop up automatically alerting you to secure it.
🛠️ Tech Stack & Requirements
Built with VS Code Extension API (v1.85.0+)
Bundled dynamically using esbuild for maximum performance.
Core network validations handled locally using Node.js https module.
🔒 Security Statement
Your credentials never leave your machine. This extension does not use external tracking or cloud synchronization. All values are securely stored using your operating system's keychain provider via VS Code's built-in SecretStorage. Live validation queries are sent directly to official endpoints (e.g., api.openai.com) with zero intermediary logging.
