Glaider Secrets Sniper is a powerful Visual Studio Code extension designed to help developers identify and manage sensitive data in their code. It automatically detects potential security risks such as API keys, passwords, and other confidential information, allowing you to quickly move them to a secure .env file or ignore false positives.
Features
Automatic Detection: Scans your code for various types of sensitive data, including:
Email addresses
Private SSH and RSA keys
IPv4 and IPv6 addresses
Access tokens
Credit card numbers
Cryptocurrency wallet addresses
And more...
Visual Warnings: Underlines detected sensitive data with a yellow wavy line for easy identification.
Detailed Hover Information: Provides information about the type of sensitive data and its associated risk level when hovering over detected instances.
Quick Actions: Offers CodeLens actions for each detected instance:
Create a new .env file and add the sensitive data
Use an existing .env file to store the sensitive data
Ignore the detected instance if it's a false positive
Bulk Actions: Allows handling all detected sensitive data at once through a warning message with options to:
Create a new .env file for all instances
Use an existing .env file for all instances
Ignore all detected instances
Problems Panel Integration: Lists all detected sensitive data in VS Code's Problems panel for easy navigation and management.
Language-Aware Replacement: When moving sensitive data to an .env file, Secrets Sniper replaces the original code with language-appropriate environment variable access syntax.
Installation
Open Visual Studio Code
Go to the Extensions view (Ctrl+Shift+X or Cmd+Shift+X on macOS)
Search for "Glaider Secrets Sniper"
Click "Install"
Usage
Open a project in VS Code
Secrets Sniper will automatically start scanning your open files for sensitive data
Detected instances will be underlined in yellow
Hover over underlined text to see details about the detected sensitive data
Use the CodeLens actions above each instance to manage it individually
When sensitive data is detected, a warning message will appear with options to handle all instances at once
Review the Problems panel for a list of all detected sensitive data in your workspace
Creating or Using an .env File
When choosing to create a new .env file or use an existing one:
Secrets Sniper will prompt you for a variable name for each piece of sensitive data
The sensitive data will be added to the .env file in the format VARIABLE_NAME="sensitive_data_value"
The original code will be replaced with appropriate syntax to access the environment variable
If a .gitignore file exists in your project, Secrets Sniper will ensure that .env is added to it
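The steps above, sketched as an added JavaScript example that is not the extension's own code: it writes the VARIABLE_NAME="value" line, swaps the literal for an environment lookup, and makes sure .env is ignored by git. All function names and the accessor mapping are assumptions made for illustration, and it works on strings rather than files so it runs offline.

```javascript
// Illustrative sketch only; not Glaider Secrets Sniper's implementation.
// Every name here is hypothetical. A real tool would read and write files.

// Assumed mapping from VS Code language id to environment-variable syntax.
// (The Python form also needs `import os` in the edited file.)
const ACCESSORS = {
  javascript: (name) => `process.env.${name}`,
  typescript: (name) => `process.env.${name}`,
  python: (name) => `os.environ["${name}"]`,
  ruby: (name) => `ENV["${name}"]`,
};

// Render VARIABLE_NAME="value", escaping characters that would otherwise
// terminate or corrupt the double-quoted value.
function envLine(name, value) {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) {
    throw new Error(`invalid variable name: ${name}`);
  }
  const escaped = value
    .replace(/\\/g, '\\\\')
    .replace(/"/g, '\\"')
    .replace(/\n/g, '\\n');
  return `${name}="${escaped}"`;
}

// Append to .env text, refusing to shadow a variable that already exists.
function addToEnv(envText, name, value) {
  const exists = envText.split(/\r?\n/).some((l) => l.startsWith(`${name}=`));
  if (exists) throw new Error(`${name} is already defined in .env`);
  const sep = envText === '' || envText.endsWith('\n') ? '' : '\n';
  return envText + sep + envLine(name, value) + '\n';
}

// Add a .env entry to .gitignore text unless one is already present.
function ensureIgnored(gitignoreText) {
  const lines = gitignoreText.split(/\r?\n/).map((l) => l.trim());
  if (lines.includes('.env') || lines.includes('/.env')) return gitignoreText;
  const sep = gitignoreText === '' || gitignoreText.endsWith('\n') ? '' : '\n';
  return gitignoreText + sep + '.env\n';
}

// Replace the quoted literal (quotes included) with the accessor expression.
function replaceLiteral(source, secret, name, languageId) {
  const accessor = ACCESSORS[languageId];
  if (!accessor) throw new Error(`no accessor for language: ${languageId}`);
  for (const q of ['"', "'"]) {
    const literal = q + secret + q;
    if (source.includes(literal)) return source.split(literal).join(accessor(name));
  }
  throw new Error('secret literal not found in source');
}
```

A value that was already committed stays in the repository history after it is moved, so rotating that credential is still necessary.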
Ignoring False Positives
If Secrets Sniper detects something that isn't actually sensitive data:
Use the "Ignore" CodeLens action above the detected instance
The yellow underline will be removed, and Secrets Sniper will not flag this instance in future scans
Configuration
Currently, Glaider Secrets Sniper doesn't require any additional configuration. It works out of the box to provide seamless sensitive data detection and management.
Feedback and Contributions
We welcome your feedback and contributions to the Glaider Secrets Sniper extension. If you encounter any issues or have suggestions for improvements, please open an issue on our GitHub repository.