LeakScan for VS Code
Detect leaked API keys and secrets in your code as you type. Highlights 80+ secret patterns with inline warnings and Problems panel integration.
Features
- Real-time scanning as you type (debounced, zero lag)
- Highlights secrets with severity-colored underlines (red for critical/high, yellow for medium)
- Findings show up in the Problems panel with full context
- "Scan Workspace" command to check your entire project at once
- 80+ patterns covering all major providers
- Inline suppression with # nosec or # gitleaks:allow
- Configurable severity threshold, ignored paths, and scan triggers
Detected Secrets
AWS, GCP, Azure, GitHub, GitLab, Stripe, OpenAI, Anthropic, HuggingFace, Telegram, Discord, Slack, SendGrid, Mailgun, npm, PyPI, Shopify, DigitalOcean, Vercel, Supabase, PlanetScale, Grafana, Sentry, Doppler, Postman, Linear, HashiCorp Vault, Flutterwave, Infisical, Google API keys, JWTs, database URLs, hardcoded passwords, and more.
Usage
The extension activates automatically. Open any file and leaked secrets will be highlighted immediately.
Commands
Open the command palette (Ctrl+Shift+P / Cmd+Shift+P):
- LeakScan: Scan Current File - Scan the active file and show results
- LeakScan: Scan Workspace - Scan all files in the workspace
Quick Fixes
When a secret is detected, click the lightbulb icon (or press Ctrl+. / Cmd+.) to see available actions:
- Move secret to .env file - Extracts the value to .env, replaces it with an environment variable reference, and adds .env to .gitignore automatically
- Suppress this finding - Adds # nosec to the line to mark it as intentional
- How to rotate this secret - Opens the provider's key management page so you can revoke and regenerate
Suppress a finding
Add any of these comments to suppress a specific line:
API_KEY = "sk_live_abc123..." # nosec
TOKEN = "ghp_..." # gitleaks:allow
SECRET = "..." # secretscanner:allow
Configuration
| Setting | Default | Description |
| --- | --- | --- |
| leakscan.enabled | true | Enable or disable the extension |
| leakscan.scanOnSave | true | Scan files when saved |
| leakscan.scanOnType | true | Scan as you type (500ms debounce) |
| leakscan.severityThreshold | LOW | Minimum severity to report (CRITICAL, HIGH, MEDIUM, LOW) |
| leakscan.ignorePaths | ["**/node_modules/**", ...] | Glob patterns for paths to skip |
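An added illustration, not LeakScan's own code or rule set, of how the suppression comments and the severity threshold described above interact in a line-based scanner, keeping suppressed matches visible for audit instead of discarding them. The three rules, the function names, the sample text, and the choice to honor a marker only as a trailing comment are assumptions of this sketch.

```python
import re

# Severity levels accepted by leakscan.severityThreshold, lowest first.
SEVERITIES = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]

# The three suppression comments listed on this page. Assumption of this
# sketch: a marker only counts as a trailing comment, so the same text
# sitting inside a string literal does not silence the line.
SUPPRESS = re.compile(r"#\s*(?:nosec|gitleaks:allow|secretscanner:allow)\s*$")

# Constructed, simplified rules; NOT LeakScan's real pattern set.
RULES = [
    ("aws-access-key-id", "CRITICAL", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", "HIGH", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("hardcoded-password", "MEDIUM",
     re.compile(r"(?i)\bpassword\s*=\s*[\"'][^\"']{8,}[\"']")),
]

def scan(text, threshold="LOW"):
    """Return (line_no, rule, severity, suppressed) for matches at or above threshold."""
    floor = SEVERITIES.index(threshold.upper())
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        is_suppressed = bool(SUPPRESS.search(line))
        for rule, severity, pattern in RULES:
            if SEVERITIES.index(severity) >= floor and pattern.search(line):
                findings.append((line_no, rule, severity, is_suppressed))
    return findings

def active(findings):
    """Findings that would be reported to the user."""
    return [f for f in findings if not f[3]]

def audit_suppressed(findings):
    """Matches hidden by a suppression comment, kept so they can be reviewed."""
    return [f for f in findings if f[3]]

# Constructed sample input (placeholder values, not real credentials).
SAMPLE = "\n".join([
    'aws_key = "AKIAIOSFODNN7EXAMPLE"',
    'token = "ghp_' + "x" * 36 + '"  # gitleaks:allow',
    'password = "correct-horse-battery"',
    'note = "AKIAIOSFODNN7EXAMPLE # nosec"',  # marker inside the string
])

if __name__ == "__main__":
    for finding in scan(SAMPLE, "HIGH"):
        print(finding)
```

Reviewing the output of `audit_suppressed` periodically is a cheap way to catch a live secret that was silenced with a suppression comment instead of being rotated.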
Installation
Search "LeakScan" in the VS Code Extensions panel, or:
code --install-extension vasishta03.leakscan
Companion CLI
For git history scanning, CI/CD integration, and GitHub profile scanning, use the leakscan CLI:
pip install leakscan
leakscan scan . --history --verify
License
MIT