DEV Community: Gayathri S The latest articles on DEV Community by Gayathri S (@gayathri_s_2e74bc6c3f0fb8). https://dev.to/gayathri_s_2e74bc6c3f0fb8 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3859553%2F9448d80b-af00-414a-868a-af142360766a.png DEV Community: Gayathri S https://dev.to/gayathri_s_2e74bc6c3f0fb8 en I built a free VS Code extension that catches leaked secrets before you commit them Gayathri S Fri, 03 Apr 2026 13:49:08 +0000 https://dev.to/gayathri_s_2e74bc6c3f0fb8/i-built-a-free-vs-code-extension-that-catches-leaked-secrets-before-you-commit-them-5a2k https://dev.to/gayathri_s_2e74bc6c3f0fb8/i-built-a-free-vs-code-extension-that-catches-leaked-secrets-before-you-commit-them-5a2k <h2> The problem </h2> <p>Last year I nearly committed a Stripe live key to a public repo.</p> <p>Caught it manually at the last second. But it made me think —<br> why doesn't VS Code warn me about this automatically?</p> <p>So I built EnvGuard.</p> <h2> What it does </h2> <p>EnvGuard is a free VS Code extension that adds 6 things your <br> .env files have always needed:</p> <ul> <li>🔐 <strong>Secret Scanner</strong> — detects 30+ patterns (AWS keys, GitHub tokens, Stripe keys, JWT tokens) with red underlines before you commit</li> <li>✅ <strong>Schema Validation</strong> — define a .env.schema file, get instant errors for missing/wrong keys</li> <li>🔄 <strong>Environment Switcher</strong> — save dev/staging/prod profiles, switch with one click</li> <li>🔍 <strong>Diff Viewer</strong> — compare any two .env files side by side</li> <li>📋 <strong>Example Generator</strong> — auto-generate .env.example from your real .env</li> <li>🖥️ <strong>Dashboard</strong> — visual overview of all keys, security score, profiles</li> </ul> <h2> How the secret scanner works </h2> <p>Add this to your .env:<br> JWT_SECRET=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...</p> <p>EnvGuard immediately shows a red wavy underline and adds to <br> Problems panel: "Potential JWT Token detected — remove before committing"</p> <p>Works for 30+ secret types including AWS, GitHub, Stripe, Google, <br> Slack, SendGrid, Firebase, and more.</p> <h2> The schema format </h2> <p>Create a .env.schema file:</p> <p>DATABASE_URL=required|url|description:PostgreSQL connection string<br> PORT=required|number|default:3000<br> NODE_ENV=required|enum:development,staging,production<br> API_KEY=required|string|secret:true<br> DEBUG=optional|boolean|default:false</p> <p>EnvGuard validates your .env against this in real time.</p> <h2> Install free </h2> <p>VS Code Marketplace: <br> <a href="https://marketplace.visualstudio.com/items?itemName=GayathriS.envguard-pro" rel="noopener noreferrer">https://marketplace.visualstudio.com/items?itemName=GayathriS.envguard-pro</a></p> <p>GitHub (open source):<br> <a href="https://github.com/GayathriCodes2/EnvGuard.Extenstion" rel="noopener noreferrer">https://github.com/GayathriCodes2/EnvGuard.Extenstion</a></p> <h2> Honest request </h2> <p>This is my first published VS Code extension. If you try it <br> and find bugs, please open an issue on GitHub — I respond fast.</p> <p>If it's useful, a ⭐ on GitHub genuinely helps.</p> vscode webdev opensource security