Entro Security Secret Scanner

Guard your code with Entro Security. This extension scans your files for exposed secrets, API keys, and tokens, helping you prevent security leaks before they happen.

License

Please refer to the usage license here

Features

• Real-time Secret Scanning: Automatically scans your files as you type or when you open/save them.
• Entro API Integration: Leverages the Entro Security API for comprehensive secret detection.
• Secure Key Storage: Your API key is stored in VS Code's SecretStorage, never in plaintext settings.
• Visual Feedback:
  • Highlighting: Exposed secrets are highlighted directly in the editor.
  • Hover Details: Hover over a highlighted secret to see details and recommendations.
  • Status Bar: The status bar reflects scanning activity, findings, and configuration issues.
• Workspace Scanning: Use the Entro DevGuard: Scan All Files command to check your entire workspace, with progress and cancellation.
• Output Logging: Detailed logs are available in the "Entro Security" Output Channel.

Requirements

You need an Entro Security API Key for the extension to scan.

1. Obtain your API Key from the Entro Security dashboard.
2. Run the Entro DevGuard: Set API Key command from the Command Palette (or click the status bar item) and paste your key.

The key is stored securely in VS Code's SecretStorage. If you previously set entro.apiKey in settings.json, the extension will migrate it on first run and clear the plaintext value.

Extension Settings

This extension contributes the following settings:

• entro.scanOnType: Scan as you type. Default: true.
• entro.advanced.apiDomain: API domain for Entro Security. Default: api.entro.security.
• entro.advanced.scanGeneric: Enable/disable generic secret scanning. Default: true.
• entro.advanced.redactSecrets: Whether to redact secrets in the API response. Default: false.
• entro.advanced.maxFileSizeBytes: Skip files larger than this when scanning. Default: 1048576 (1 MiB). Hard ceiling: 2621440 (2.5 MiB) — files larger than the ceiling cannot be scanned.
• entro.advanced.requestTimeoutSeconds: Timeout for Entro API requests, in seconds. Default: 15.
• entro.advanced.maxRetries: Retry attempts on timeout or transient network/5xx errors. Default: 2 (max 5).

Commands

• Entro DevGuard: Set API Key — store/replace your API key in SecretStorage.
• Entro DevGuard: Clear API Key — remove the stored API key.
• Entro DevGuard: Scan for Secrets — manually scan the active document.
• Entro DevGuard: Scan All Files — scan the workspace with progress and cancellation.

Known Issues

• Files larger than entro.advanced.maxFileSizeBytes are skipped to protect bandwidth and editor responsiveness.