Secret Guard

VS Code extension that detects secrets in your editor and warns you before you save. v1 focuses on one job: catch common API keys, tokens, and passwords before they hit disk or git.

What it does (v1)

• Live detection — scans open files as you type; shows red squiggles (diagnostics) on suspicious lines
• Line highlight — light red background on lines containing secrets
• Save warning — before save, shows a warning if high-confidence secrets are found (does not hard-block; you decide)
• Workspace scan — command Secret Guard: Scan Workspace lists all findings across the project
• Configurable — enable/disable each pattern type, add custom regex, ignore paths

What it does NOT do (yet)

• No team dashboard, history, or cloud sync
• No git pre-commit hook (editor-only for now)
• No automatic secret rotation or vault integration
• Cannot guarantee 100% coverage — regex-based detection has limits

Privacy

100% local. Secret Guard runs entirely on your machine. No network calls, no telemetry, no code sent anywhere. Your secrets never leave VS Code.

Supported patterns

Placeholder values (your_key_here, xxx, ${...}, process.env.*, etc.) are filtered to reduce false positives.

Configuration

{
  "secretGuard.enabled": true,
  "secretGuard.warnOnSave": true,
  "secretGuard.patterns.awsAccessKey": true,
  "secretGuard.customPatterns": [
    { "name": "My Token", "pattern": "mytoken_[A-Za-z0-9]{32}", "confidence": "high" }
  ],
  "secretGuard.ignorePaths": ["**/test/fixtures/**"]
}

Development

npm install
npm run compile
# F5 in VS Code to launch Extension Development Host
npm run package   # builds .vsix

License

MIT