VS Code extension for project "Credential Digger" is a free IDE extension that let you detect secrets and credentials in your code before they get leaked! Like a spell checker, the extension scans your files using the Credential Digger and highlights the secrets as you write code, so you can fix them before the code is even committed.
Open any source file, or edit an existing one and save, then you will start seeing the issues reported by the extension.
The issues are highlighted in your code as warnings, and also are listed in the Problems panel.
The tool provides the following support:
-
Connects to an instance of the Credential Digger running either
- locally
- in a docker container
- in a web server
-
Pushes the regular expressions rules to the Credential Digger via the command
Credential Digger: Add Rules -
Triggers the scan when opening/saving a file
-
Forces a scan of a file via the command
Credential Digger: Scan -
Highlights the findings in the code and displays them in the
Problemspanel as warnings -
Proposes three "quick fix" functionalities to address the secrets found in the code:
-
Quick Fix 1: Remove Secret - Instantly remove the secret from your code, making cleanup tasks and revision simpler.
-
Quick Fix 2: Create Environment Variable - With this feature, you can effortlessly store found secrets in a dedicated file and set up dependencies. This will be done automatically if your coding language is amongst Python, PHP, JavaScript, C#, or Java Maven. If your language is outside these five, you will receive AI-assisted advice to guide your manual setup.
-
Quick Fix 3: Secret Storage Options - This feature provides three secret storage options, namely, BTP Secret Store, AWS Secret Manager, and Vault.
- For BTP Secret Store, the documentation is written mostly by us with a portion that is AI-generated.
- For AWS Secret Manager and Vault, the entire set of instructions is AI-generated to provide a comprehensive, dynamic and user-specific guide for securely storing secrets and integrating them into your project.
(To fully benefit from the AI functionality, you need to configure some settings. Go to 'Configuration' section to have more information.)
-
These features aim to streamline your coding workflow, making it more efficient and secure.
- Credential Digger >= v4.11.1
The extension could be installed directly from the VS Code Marketplace
The extension relies on an existing instance of the Credential Digger, hence you need to configure the extension based on the chosen mode
Navigate to the extension settings first. Go to the Type section and select the binary option. Then, from the Binary section, click on Edit in settings.json.
Next, provide the required information as shown in the following example:
"credentialDigger.credentialDiggerRunner.type": "binary",
"credentialDigger.credentialDiggerRunner.binary": {
"path": "/bin/credentialdigger",
"databaseConfig": {
"type": "postgres",
"postgres": {
"envFile": "/tmp/test/postgres/.env"
}
}
}
Navigate to the extension settings first. Go to the Type section and select the docker option. Then, from the Docker section, click on Edit in settings.json.
Next, provide the required information as shown in the following example:
"credentialDigger.credentialDiggerRunner.type": "docker",
"credentialDigger.credentialDiggerRunner.docker": {
"containerId": "378ffa800494",
"databaseConfig": {
"type": "sqlite",
"sqlite": {
"filename": "/data/db/data.db"
}
}
}
Navigate to the extension settings first. Go to the Type section and select the webserver option. Then, from the Webserver section, click on Edit in settings.json.
Next, provide the required information as shown in the following example:
"credentialDigger.credentialDiggerRunner.type": "webserver",
"credentialDigger.credentialDiggerRunner.webserver": {
"host": "http://localhost:5000",
"envFile": "/tmp/test/sqlite/.env"
}
If your Credential digger instance does not have scanning rules or you want to provide your customized set then you can first enter the path to your rules file into the Rules section and then push them by running this command Credential Digger: Add Rules
If you would like to exclude some files from being scanned you need to configure the extension by providing the patterns to filter out
Click on Add Item:
Then, enter each pattern individually:
To fully benefit from the AI functionality, you need to configure two fields. (Your code will not be transmitted to an AI, only the file extension, like '.js' or '.java' will be used on the prompt.)
You have two AI modes at your disposal:
- BTP OpenAI: This option is for a Multi-tenant BTP service proxy for third-party LLM APIs. The extension use Azure OpenAI gpt-4 model.
- Navigate to the
Openai Call Modesection. From the dropdown menu, chooseBTP OpenAI. - Then navigate to the
Openai Key Pathsection. Here, enter a path that leads to your key within a .json file.
- Navigate to the
- OpenAI: This option is for OpenAI (https://platform.openai.com/)
- Navigate to the
Openai Call Modesection. From the dropdown menu, chooseOpenAI. - Then navigate to the
Openai Key Pathsection. Here, enter the path that directs to a .txt file. Make sure this file contains only the key you've copied and pasted.
- Navigate to the
This project is open to feature requests/suggestions, bug reports etc. via GitHub issues. Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines.
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. By participating in this project, you agree to abide by its Code of Conduct at all times.
Copyright 2023 SAP SE or an SAP affiliate company and vs-code-extension-for-project-credential-digger contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.