CopySecure

CopySecure is a VS Code extension that protects you from inadvertently copying sensitive data into your clipboard. It scans your clipboard content for secrets, passwords, API tokens, and other sensitive patterns, then replaces them with user-configurable redactions.

Key Features

• Auto Redaction: Whenever you copy text (via a special command), CopySecure will detect known sensitive patterns (like AWS keys, GitHub tokens, or private keys) and replace them before they reach your clipboard.

• Configurable Replacement: Choose from several masking strategies:

  • REDACTED_N – replaces the secret with REDACTED_###
  • DESCRIPTIVE_LABEL – includes a label (e.g., password=redacted_###)
  • PARTIAL_MASK – partially masks each match (e.g., password=pxxxxd)

• Support for Common Providers: Azure, AWS, Google Cloud, GitHub, Cloudflare, Datadog, plus generic environment variables.

• Lightweight: Simple and direct; no heavy dependencies.

How to Use

Installation

• Public: Install from the VS Code Marketplace by searching "CopySecure."
• Private (Local): Install the provided .vsix by going to the Extensions panel, the "..." menu, then "Install from VSIX…".

Basic Usage

1. Open your file (code file, environment file, etc.) in VS Code.
2. Select text and run the command:
   • Shortcut: ctrl+alt+c (on Mac use cmd+option+c)
   • Command Palette: "Copy Secure"
3. Clipboard is updated with masked secrets if any were detected.

• Shortcut override: by going to File > Preferences > Keyboard Shortcuts (or Code > Preferences > Keyboard Shortcuts on macOS) and changing the binding for copy-secure.secureCopy.

• Or use mouse: simply right click and use CopySecure, paste as normal. Review pasted content, done.

Configuring Replacement Strategy

To change how secrets are masked:

1. Open VS Code Settings (Ctrl + ,)
2. Search for copySecure.replacementOption
3. Choose one of the options in the dropdown:
   • REDACTED_N
   • DESCRIPTIVE_LABEL
   • PARTIAL_MASK

When you copy again using CopySecure, the new strategy will take effect.

Known Limitations

• This extension uses regex-based detection. It won't catch every possible secret, and false positives can occur. Always confirm your data before sharing.
• Large base64 or hex strings may be masked incorrectly if they don't actually represent secrets.
• For deeper or advanced scanning, consider integrating with specialized tools or adding custom patterns.

Roadmap

• Enhanced Pattern Management: Expose a user-configurable UI to add or remove patterns.
• Performance Tweaks: Optimize scanning for extremely large files.
• Optional Confirmation: Prompt user if large blocks are masked.