Skip to content
| Marketplace
Sign in
Visual Studio Code>Linters>Keyhound — Secret & Auth SafetyNew to Visual Studio Code? Get it now.
Keyhound — Secret & Auth Safety

Keyhound — Secret & Auth Safety

keyhound

| (0) | Free
Warns you the instant a weak JWT secret, hardcoded API key, private key, or unsafe TLS setting sneaks into your code — because nothing else does.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

🐾 Keyhound — Secret & Auth Safety

Keyhound warns you the instant a weak JWT secret, hardcoded API key, private key, or unsafe TLS setting sneaks into your code — because nothing else does.

Most secret leaks don't happen because developers are careless. They happen because nothing warns them in the moment. Keyhound sits quietly in your editor and barks the second something dangerous appears — right on the line, as you type.

What it catches

  • Weak, default, or empty secrets — JWT_SECRET = "changeme", empty session secrets, placeholder values attackers try first.
  • Hardcoded provider credentials — AWS, Google, GitHub, Slack, Stripe (live keys), npm, OpenAI, and private-key blocks.
  • Dangerous fallbacks — process.env.JWT_SECRET || "dev-secret" that silently becomes your real secret in production.
  • Weak JWT signing — jwt.sign(payload, "abc") that lets anyone forge valid tokens.
  • Disabled TLS verification — NODE_TLS_REJECT_UNAUTHORIZED=0, verify=False — open doors to man-in-the-middle attacks.
  • .env not in .gitignore — one click to fix before it gets committed.

Why it's different

  • Live, in the moment. Squiggles appear as you type — not in a CI run 20 minutes later when it's already pushed.
  • Low noise. Strong, random secrets are left alone. Keyhound flags what's actually risky, not everything that looks like a string.
  • 100% local. Your code never leaves your machine. No account, no server, no telemetry.

Usage

Keyhound runs automatically. You can also:

  • Keyhound: Scan Current File — re-scan the active file.
  • Keyhound: Scan Workspace for Secrets — sweep the whole project; results land in the Problems panel.

Settings

Setting Default Description
keyhound.enableLiveScan true Scan files live as you open, edit, and save.
keyhound.minSecretLength 16 Secrets shorter than this are flagged as weak.

Roadmap (Pro — coming soon)

The core scanner above is free, forever. A future Pro tier will add: git pre-commit hook, CI report export, custom organization rule packs, and team dashboards. No dates promised — it ships when it's genuinely good.


Keyhound keeps your secrets where they belong: out of your repo.

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2026 Microsoft