I built a VS Code extension that catches secrets before you commit them

Isha Rawool — Wed, 18 Mar 2026 11:45:17 +0000

I found a hardcoded AWS key in an old project sitting there for months. Classic mistake that's happened to every developer. So I built something to stop it happening again.

SecretSentinel detects hardcoded API keys, passwords and credentials in real-time as you type in VS Code - before you save, before you commit, before any damage is done.

What makes it different

GitHub's secret scanning catches leaks after you push. By then the secret is in your git history and potentially already scraped by bots. SecretSentinel stops it at the source.

The technical part I'm proud of

Pure regex pattern matching only catches known secret formats. So I implemented Shannon entropy scoring - if a string is random enough to statistically look like a secret, it gets flagged even without a matching pattern.

What it does

Real-time detection across 60+ secret patterns
Entropy-based detection for unknown secrets
Git history scanner - finds secrets in past commits
Severity levels - Critical, High, Medium, Low
.env file differ - shows keys missing from .env.example
One-click .env.example generator
Security report generator
Git staging interceptor

Privacy

Runs 100% locally. Your code never leaves your machine.

Links

Install free on VS Code Marketplace:
https://marketplace.visualstudio.com/items?itemName=IshaRawool.secret-sentinel