IDE Integration
VS Code Extension
Manage secrets without leaving your editor. Browse environments, set and edit secrets, pull to .env, scan for leaked credentials, and monitor your audit log — all from the VS Code sidebar.
Installation
Install from the VS Code Marketplace, or from the command line:
code --install-extension secr.secr-vscodeYou can also search for "Secr" in the Extensions panel (Cmd+Shift+X).
Getting Started
The extension activates automatically when it detects a .secr.json file in your workspace root.
{
"org": "my-org",
"project": "my-project",
"defaultEnvironment": "development"
}- Open a project with
.secr.json— the padlock icon appears in the Activity Bar - Click it to open the Secrets sidebar
- Run
Secr: Loginfrom the Command Palette if not already authenticated - Environments and secrets load automatically
Authentication
Two authentication methods are available:
Enter Token
Paste an API token directly into VS Code. Token is stored in VS Code SecretStorage.
Use CLI Login
Opens a terminal and runs secr login. Credentials are detected automatically via file watcher.
Auth is shared with ~/.secr/credentials.json — log in once and both CLI and extension are authenticated.
Features
$(list-tree)Sidebar Tree View
Browse environments and secrets in a collapsible tree. Hover for masked values, click to copy.
$(edit)Secret CRUD
Set, edit, delete, and copy secrets from context menus or the Command Palette.
$(history)Version History
Browse every version of a secret and restore old values with one click.
$(arrow-swap)Environment Switching
Switch active environment via QuickPick or the status bar indicator.
$(file-symlink-file)Pull to .env
Write all secrets to a .env file in your workspace root.
$(cloud-upload)Import .env
Auto-discover .env files and bulk-import them to secr.
$(shield)Secret Scanning
22 regex patterns detect leaked AWS keys, Stripe tokens, database URLs, and more.
$(output)Audit Log
Persistent tree view of recent activity — who changed what and when.
$(arrow-up)Promote Secrets
Copy secrets between environments (dev → staging → production).
$(diff)Environment Diff
Side-by-side comparison of two environments in VS Code's diff editor.
$(search)Search & Filter
Filter the tree by key prefix to find secrets quickly.
$(terminal)Run with Secrets
Open a terminal with all secrets injected as environment variables.
Secret Management
All secret operations are available from the tree context menu (right-click) or the Command Palette.
| Command | Description | Access |
|---|---|---|
| Secr: Set Secret | Create or update a secret with key and value | Tree title bar, Cmd+Shift+P |
| Secr: Edit Secret | Edit an existing secret's value (pre-filled) | Right-click secret |
| Secr: Delete Secret | Soft-delete a secret | Right-click secret |
| Secr: Copy Secret Value | Copy full value to clipboard | Click or right-click secret |
| Secr: View Secret History | Browse versions, see who changed it, restore old values | Right-click secret |
| Secr: Delete All Secrets | Bulk delete every secret in an environment (with confirmation) | Right-click environment |
Environment Management
| Command | Description |
|---|---|
| Secr: Switch Environment | Change active environment — also accessible by clicking the status bar |
| Secr: Create Environment | Create a new environment with a name and URL-safe slug |
| Secr: Promote Secrets | Copy all or selected secrets from one environment to another |
| Secr: Diff Environments | Opens VS Code's diff editor with a side-by-side key comparison |
Secret Scanning
The extension automatically scans files when you open or save them, using 22+ regex patterns to detect accidentally committed secrets. Results appear in the Problems panel with severity-based diagnostics.
Detected patterns include:
Binary files, .env files, node_modules, and .git directories are automatically excluded.
Audit Log
The Audit Log tree view sits below the Secrets tree in the sidebar and shows the 20 most recent actions across your organization. Each entry shows:
- Action type with a context-specific icon
- Affected resource and relative timestamp
- Actor email, IP address, and metadata on hover
Click the refresh icon in the Audit Log title bar to fetch the latest entries. Or use Secr: View Audit Log for a searchable QuickPick overlay.
Template Validation
If your project has secret templates (required key definitions), run Secr: Validate Templates to check every environment against the template. Missing keys are highlighted per environment so you can catch configuration drift before deployment.
Configuration
| Command | Description |
|---|---|
| secr.apiUrl | Override the API base URL. Leave empty to use the default (https://api.secr.dev) or the value from .secr.json. |
Set via Settings → Extensions → Secr or in your workspace .vscode/settings.json.
Troubleshooting
Empty tree / "Not authenticated"
Run Secr: Login from the Command Palette, or run secr login in a terminal — the extension picks up credentials automatically.
"No .secr.json found"
Run secr init in your project root or create the file manually:
{
"org": "my-org",
"project": "my-project",
"defaultEnvironment": "development"
}Check logs
Open the Output panel (Cmd+Shift+U) and select Secr from the dropdown to see detailed debug logs.
Manage secrets from your editor
# Install the CLI
npm i -g @secr/cli
secr init
# Build the extension
cd extensions/vscode && npm run build
npx vsce package