I found a hardcoded AWS key in an old project, sitting there for months. A classic mistake that's happened to every developer. So I built something to stop it happening again.
SecretSentinel detects hardcoded API keys, passwords and credentials in real time as you type in VS Code - before you save, before you commit, before any damage is done.
What makes it different
GitHub's secret scanning catches leaks after you push (push protection can block the push itself, but only where it is enabled and only for the formats GitHub recognises). By then the secret is in your git history and, on a public repository, potentially already scraped by bots. SecretSentinel stops it at the source.
The technical part I'm proud of
Pure regex pattern matching only catches known secret formats. So I implemented Shannon entropy scoring: if a string is random enough to statistically look like a secret, it gets flagged even without a matching pattern. Entropy on its own is noisy, since hashes, UUIDs and base64 blobs score high too, so it complements the patterns rather than replacing them, and the threshold has to depend on the alphabet: a hex string can never exceed 4 bits per character, while a base64 token can reach 6.
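To make the two-stage idea concrete, here is an added example in TypeScript. It is not SecretSentinel's code: the pattern list, the severities, the entropy thresholds and the sample lines are assumptions chosen for illustration (the AWS values are the placeholder credentials from AWS's own documentation, the 40-hex string is the SHA-1 of "The quick brown fox jumps over the lazy dog", and the ghp_ token is made up). It goes slightly beyond the paragraph by showing why the entropy bar must differ for hex and base64 alphabets and how overlapping hits are deduplicated.

```typescript
// Added example, not SecretSentinel's own code: a minimal two-stage detector.
// Stage 1 matches known secret formats with regexes; stage 2 falls back to
// Shannon entropy for values no pattern knows. Patterns, thresholds and
// severities are assumptions for illustration.

type Severity = "Critical" | "High" | "Medium" | "Low";

interface Finding {
  line: number;     // 1-based line number
  column: number;   // 0-based offset of the secret within the line
  value: string;
  reason: string;
  severity: Severity;
  entropy: number;  // bits per character of `value`
}

// Shannon entropy in bits per character: H = -sum over c of p(c) * log2 p(c).
function shannonEntropy(s: string): number {
  if (s.length === 0) return 0;
  const counts: { [ch: string]: number } = {};
  for (let i = 0; i < s.length; i++) {
    const ch = s.charAt(i);
    counts[ch] = (counts[ch] || 0) + 1;
  }
  let h = 0;
  for (const ch in counts) {
    const p = counts[ch] / s.length;
    h -= p * (Math.log(p) / Math.LN2);
  }
  return h;
}

interface Pattern {
  name: string;
  regex: RegExp;       // needs the g flag; capture group 1, if present, is the secret
  severity: Severity;
  minEntropy?: number; // guard for the generic rule so "changeme" is not a hit
}

// Stage 1: known formats, most specific first so they win when spans overlap.
// The AKIA/ghp_ prefixes and the PEM header are public formats; the regexes
// themselves are simplified for this example.
const PATTERNS: Pattern[] = [
  { name: "Private key block", severity: "Critical",
    regex: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g },
  { name: "AWS access key ID", severity: "Critical",
    regex: /\b(AKIA[0-9A-Z]{16})\b/g },
  { name: "AWS secret access key", severity: "Critical",
    regex: /aws[_-]?secret[_-]?access[_-]?key\s*[:=]\s*['"]?([A-Za-z0-9\/+=]{40})/gi },
  { name: "GitHub personal access token", severity: "High",
    regex: /\b(ghp_[A-Za-z0-9]{36})\b/g },
  { name: "Credential assignment", severity: "Medium", minEntropy: 3.0,
    regex: /(?:password|passwd|pwd|secret|token|api[_-]?key|access[_-]?key)\s*[:=]\s*['"]?([A-Za-z0-9\/+=_-]{8,})/gi },
];

// Stage 2: anything that looks like an opaque token. Hex gets a lower bar
// because its 16-symbol alphabet caps entropy at 4.0; the 3.0/4.5 split follows
// detect-secrets' defaults. UUIDs contain hyphens, so they face the 4.5 bar and pass.
const CANDIDATE = /[A-Za-z0-9+\/_-]{20,}={0,2}/g;
const HEX_ONLY = /^[0-9a-fA-F]+$/;
const HEX_THRESHOLD = 3.0;
const BASE64_THRESHOLD = 4.5;

function overlaps(findings: Finding[], line: number, start: number, end: number): boolean {
  return findings.some(f =>
    f.line === line && start < f.column + f.value.length && f.column < end);
}

function scanText(text: string): Finding[] {
  const findings: Finding[] = [];
  text.split(/\r?\n/).forEach((lineText, idx) => {
    const lineNo = idx + 1;
    for (const pat of PATTERNS) {
      pat.regex.lastIndex = 0;
      let m: RegExpExecArray | null;
      while ((m = pat.regex.exec(lineText)) !== null) {
        const value = m[1] !== undefined ? m[1] : m[0];
        const column = m.index + m[0].indexOf(value);
        const entropy = shannonEntropy(value);
        if (pat.minEntropy !== undefined && entropy < pat.minEntropy) continue;
        if (overlaps(findings, lineNo, column, column + value.length)) continue;
        findings.push({ line: lineNo, column, value, reason: pat.name, severity: pat.severity, entropy });
      }
    }
    CANDIDATE.lastIndex = 0;
    let c: RegExpExecArray | null;
    while ((c = CANDIDATE.exec(lineText)) !== null) {
      const value = c[0];
      const isHex = HEX_ONLY.test(value);
      const entropy = shannonEntropy(value);
      if (entropy < (isHex ? HEX_THRESHOLD : BASE64_THRESHOLD)) continue;
      if (overlaps(findings, lineNo, c.index, c.index + value.length)) continue;
      findings.push({ line: lineNo, column: c.index, value, entropy, severity: "Low",
        reason: isHex ? "High-entropy hex string" : "High-entropy string" });
    }
  });
  return findings;
}

// Constructed sample input (see the lead-in for where the values come from).
const SAMPLE = [
  "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
  'aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"',
  "GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz",
  "const token = process.env.API_TOKEN;",                // read from the environment: fine
  'password = "changeme"',                               // placeholder, entropy too low
  'commit = "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"', // hash: Low, worth a look
  'sessionId = "550e8400-e29b-41d4-a716-446655440000"',  // UUID: not flagged
  "-----BEGIN RSA PRIVATE KEY-----",
].join("\n");

for (const f of scanText(SAMPLE)) {
  console.log(f.severity + " line " + f.line + ":" + f.column + " " + f.reason +
    " (H=" + f.entropy.toFixed(2) + " bits/char)");
}
```

Run on the sample it reports five findings (lines 1, 2, 3, 6 and 8) and stays quiet on the environment lookup, the placeholder password and the UUID. The commit hash is the honest cost of entropy scoring: it is reported at Low so a reviewer can dismiss it, and a real tool would add an allowlist or inline suppression for exactly that case.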
What it does
- Real-time detection across 60+ secret patterns
- Entropy-based detection for unknown secrets
- Git history scanner - finds secrets in past commits
- Severity levels - Critical, High, Medium, Low
- .env file diff - shows keys present in .env but missing from .env.example
- One-click .env.example generator
- Security report generator
- Git staging interceptor
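The .env diff and the .env.example generator from the list above are simple enough to show end to end. The following is an added example in TypeScript, not the extension's own code; the dotenv subset it parses (an optional export prefix, quoted values, # comments) and the two sample files are this example's assumptions.

```typescript
// Added example, not the extension's own code: a small .env parser plus the
// two operations from the feature list, diffing a .env against .env.example
// and generating an .env.example with every value stripped.

interface EnvEntry { key: string; value: string; }

// Parses KEY=value lines. Accepts `export KEY=...`, skips blank and comment
// lines, unwraps single/double quotes, and drops an unquoted trailing " # ...".
function parseEnv(text: string): EnvEntry[] {
  const entries: EnvEntry[] = [];
  const lines = text.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i].trim();
    if (line === "" || line.charAt(0) === "#") continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue; // not a KEY=value line
    let value = m[2];
    const q = value.charAt(0);
    if (q === '"' || q === "'") {
      const close = value.indexOf(q, 1);
      value = close > 0 ? value.slice(1, close) : value.slice(1);
    } else {
      const hash = value.indexOf(" #");
      if (hash >= 0) value = value.slice(0, hash);
      value = value.trim();
    }
    entries.push({ key: m[1], value });
  }
  return entries;
}

interface EnvDiff {
  missingFromExample: string[]; // in .env, absent from .env.example
  staleInExample: string[];     // in .env.example, no longer in .env
}

function diffEnv(envText: string, exampleText: string): EnvDiff {
  const envKeys = parseEnv(envText).map(e => e.key);
  const exampleKeys = parseEnv(exampleText).map(e => e.key);
  return {
    missingFromExample: envKeys.filter(k => exampleKeys.indexOf(k) < 0),
    staleInExample: exampleKeys.filter(k => envKeys.indexOf(k) < 0),
  };
}

// Emits KEY= for each variable and keeps comments and blank lines as
// documentation. No value is copied through, not even harmless-looking ones:
// deciding which values are safe is exactly the judgement call that leaks keys.
function generateExample(envText: string): string {
  const out: string[] = [];
  const lines = envText.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i].trim();
    if (line === "" || line.charAt(0) === "#") { out.push(line); continue; }
    const parsed = parseEnv(line);
    if (parsed.length === 1) out.push(parsed[0].key + "=");
  }
  return out.join("\n") + "\n";
}

// Constructed sample files; the credentials in them are placeholders.
const ENV_FILE = [
  "# Database",
  "DATABASE_URL=postgres://app:s3cr3t@localhost:5432/app",
  "export DB_PASSWORD='s3cr3t'",
  "",
  "# Third-party APIs",
  'API_TOKEN="abc123" # rotate quarterly',
  "PORT=3000 # not a secret, but still not copied",
].join("\n");

const EXAMPLE_FILE = [
  "# Database",
  "DATABASE_URL=",
  "DB_PASSWORD=",
  "LEGACY_FLAG=",
].join("\n");

const d = diffEnv(ENV_FILE, EXAMPLE_FILE);
console.log("missing from .env.example: " + d.missingFromExample.join(", "));
console.log("stale in .env.example: " + d.staleInExample.join(", "));
console.log(generateExample(ENV_FILE));
```

The diff reports API_TOKEN and PORT as missing from the example and LEGACY_FLAG as stale, and the generated file keeps the comments and key order while leaving every value empty. Reporting stale keys in both directions matters in practice: an .env.example that lists variables the app no longer reads sends new team members hunting for credentials they do not need.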
Privacy
Runs 100% locally. Your code never leaves your machine.
Links
Install free on VS Code Marketplace:
https://marketplace.visualstudio.com/items?itemName=IshaRawool.secret-sentinel