Feature: Auto-mask API keys in VS Code extension chat
Resolved 💬 4 comments Opened Feb 2, 2026 by Arterial78 Closed Mar 3, 2026
API keys and secrets should be automatically detected and masked in the VS Code extension chat interface.
Currently, if an API key appears in conversation (e.g., from reading a config file or user input), it displays in plaintext. This is poor security UX - keys should be redacted to something like sk-proj-****...**** in the display layer.
Many tools implement this pattern (GitHub redacts tokens in logs, etc.). Would improve the security posture of the extension.
Note: This was observed in the VS Code extension - untested whether CLI has the same behavior.
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗