Available Now

Secure your build flow. Keep paste accidents boring.

SecretShields is a local-only VS Code/Cursor extension that masks secrets in your clipboard before paste. If you deliberately restore one, it records the exposure locally and reminds you to rotate it later.

VS Code Marketplace OpenVSX for Cursor

Free forever

Extension: zero telemetry

Extension: no outbound network calls

User: Can you connect to the database using this config?

User pasted context:

AWS_ACCESS_KEY_ID=AKIA************KEY1

SecretShields: 1 secret masked in clipboard.

Build with AI without leaking secrets.

Copy and paste is the failure mode. SecretShields stays in the workflow you already use, masks risky clipboard content before paste, and only creates an exposure record when you deliberately restore the real value.

Clipboard-first protection

SecretShields rewrites secrets in the clipboard before paste. That covers paste-based workflows such as AI chats, terminals, web apps, and messaging tools without pretending to be a native integration inside each one.

Local-only extension

The extension runtime makes no outbound network calls and sends no telemetry. Detection, masking, restore flow, and rotation reminders stay on-device inside VS Code or Cursor.

Deliberate restore, then rotation

Need the real key for a minute? Restore it briefly to the clipboard, log the exposure intentionally, and let a separate severity-based countdown remind you to rotate it later.

38 detection patterns. 30+ services. Zero config.

Every detector can be toggled individually in settings. Built-in allowlists, entropy checks, and structural validation keep false positives low enough to leave protection on by default.

AWS Access Keys AWS Secret Keys GitHub Tokens Stripe Keys OpenAI API Keys Anthropic API Keys Google API Keys Vercel Tokens Slack Tokens and Webhooks SendGrid Keys Shopify Tokens Twilio SIDs DigitalOcean Tokens npm Tokens PyPI Tokens HashiCorp Vault Doppler Tokens Linear API Keys Grafana Tokens New Relic Keys Heroku Tokens PlanetScale Tokens Docker Hub PATs Resend Keys Supabase Keys Netlify Tokens Appwrite Keys Cloudflare Origin CA Discord Webhooks Database URLs SSH Private Keys JWTs

Frequently asked questions

Why does masking persist after I uninstall?

SecretShields operates on the system clipboard. Once masked text is written, it becomes the clipboard's real content at the OS level. Uninstalling the extension does not restore raw secrets, because doing so would be a security regression. Copy any other text to overwrite the clipboard.

Can SecretShields protect AI chat inputs?

Not by hooking into those UIs directly. VS Code extensions do not get DOM access inside chat panels, so SecretShields protects the clipboard before paste instead. The chat tool receives the masked version because that is what reached the clipboard.

Does the extension make any network calls?

No. The extension runtime does not make outbound network calls. Detection, masking, restore flow, and alerts stay local, no telemetry is sent, and no raw secrets are written to disk.

Is SecretShields production-ready?

SecretShields is live today for the core clipboard protection workflow. Detector coverage, UX polish, and team workflows continue to improve with each release.

Current product status

SecretShields is available today as a free extension with local-first protection.

The team and enterprise sections below show how SecretShields can expand for organizations that want shared controls, governance, and deployment flexibility.

Available today

$0 forever

One open-source extension for solo developers, teams, students, and OSS maintainers.

All shipped detectors in one install
Automatic clipboard masking
Restore with TTL plus rotation reminders
Exposure log and per-detector toggles
Editor paste masking
Local processing and zero telemetry
Community support via GitHub

Install free

Exploratory

Team layer

Contact sales

If your team wants shared controls without giving up the current local-first masking model, contact us to discuss requirements and design-partner fit.

Shared policy and allowlists
Metadata-only exposure dashboards
Admin workflows around the existing local engine
Slack, Teams, or Jira integrations
Explicitly not part of today's release

Contact sales

Enterprise layer

Contact sales

If your organization needs governance, compliance, and deployment flexibility, contact us to discuss requirements before we commit to an enterprise roadmap.

SSO, SCIM, and RBAC
Audit log export and SIEM integration
Self-hosted or air-gapped deployment
Compliance reporting and DPA support
Not implemented in the current extension

Contact sales

Current release: one free, local-only extension. No account, licensing backend, or managed service is required today.

Add SecretShields to your workflow.

Install SecretShields for free and test the clipboard-first masking flow in VS Code or Cursor before you make it part of team habit.

Install SecretShields