New Workspace Features to Keep Your API Keys

As the community using Patterned Learning continues to grow, we want to help all users follow best practices and store API keys and secrets securely, rather than directly in code. Our Secrets feature, available in every Patterned Learning, allows you to store API keys securely where other users running or forking your Patterned Learning can’t access them. Now, we’re introducing new Workspace features to proactively help you protect your API keys and secrets.

When Patterned Learning detects that you’re attempting to paste a likely secret value, like an API key or token, into a file, our Secret Scanner will warn you and give you the option to store that value as a Secret instead. The scanner runs behind the scenes and is completely client-side. You won’t know it’s there unless a potential secret value is encountered.

How it works

The Secret Scanner uses a list of known API key patterns and regexes to identify a likely secret value and warn you. Within the Secrets feature, data is encrypted with AES-256 at rest, and encryption keys are stored in a secure location that is protected by multiple layers of security. To help protect against key compromise, encryption keys are rotated regularly. Only you and your invited collaborators can see Secret values in a Patterned Learning.

Stay in flow

We designed the secret value warning to get your attention while coding and simultaneously maintain your flow. When Patterned Learning notices that part of your pasted text may contain a potential API key or secret, we display the identified string as ghost text, which will look familiar to Ghostwriter users.

A warning tooltip will appear near the potential secret value with keyboard shortcuts to either add a secret or continue pasting the text into the document. This prevents the secret from ever making it into the file – where other users could see it – or into the file history. The portions of your pasted text that do not contain potential secrets will be pasted normally.
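The paste-time behaviour described under "How it works" and "Stay in flow", as an added example that is not Patterned Learning's own code: pasted text is matched against a pattern list and split into portions that paste normally and candidate secrets that are held back. The three patterns, the function names and the sample paste are assumptions chosen for illustration; the actual rule list is not published on this page.

```javascript
// Added example. Illustrative patterns for three publicly documented token
// formats (assumption: not the product's actual rule list).
const SECRET_PATTERNS = [
  { rule: "aws-access-key-id", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { rule: "github-token", re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { rule: "slack-token", re: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/g },
];

// Split pasted text into ordered segments: "text" is pasted normally,
// "secret" is held back until the user decides what to do with it.
function splitPaste(text) {
  const hits = [];
  for (const { rule, re } of SECRET_PATTERNS) {
    for (const m of text.matchAll(re)) {
      hits.push({ rule, start: m.index, end: m.index + m[0].length });
    }
  }
  // Earliest match first; on a tie keep the longer one.
  hits.sort((a, b) => a.start - b.start || b.end - a.end);
  const segments = [];
  let cursor = 0;
  for (const h of hits) {
    if (h.start < cursor) continue; // overlaps a hit already taken
    if (h.start > cursor) segments.push({ kind: "text", value: text.slice(cursor, h.start) });
    segments.push({ kind: "secret", rule: h.rule, value: text.slice(h.start, h.end) });
    cursor = h.end;
  }
  if (cursor < text.length) segments.push({ kind: "text", value: text.slice(cursor) });
  return segments;
}

// Text that reaches the file when every flagged value is stored as a secret.
function safeText(segments) {
  return segments.filter((s) => s.kind === "text").map((s) => s.value).join("");
}

// Mask a value for display in the warning so it is never shown or logged whole.
function redact(value) {
  return value.slice(0, 4) + "*".repeat(Math.max(0, value.length - 4));
}

// Constructed sample paste: AWS's documented example key ID and a dummy token.
const SAMPLE = 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\ntoken = "ghp_' + "a".repeat(36) + '"\nprint("hello")\n';
for (const s of splitPaste(SAMPLE)) {
  console.log(s.kind, s.kind === "secret" ? `${s.rule} ${redact(s.value)}` : JSON.stringify(s.value));
}
```

Pattern matching of this kind only catches tokens with a recognisable prefix or shape; generic passwords and unprefixed keys pass through unflagged.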

Stay protected everywhere

No matter how you write code, we want to provide you with the same security features. The scanned secrets warning is also available on the Patterned Learning Mobile App, so you can use it to protect your API keys and secrets even when coding on your phone.

Since its initial launch, the scanned secrets warning has prevented more than 500 API keys and secrets from ending up in open source code on Patterned Learning and instead stored them securely in Patterned Learning Secrets. We’ll continue to enhance our scanning capabilities as part of our ongoing commitment to user safety and security.

For more information on keeping your API keys secure, check out our previous blog post and video.

Work at Patterned Learning

Are you interested in building and securing the next-generation development environment? Come work with us on our goal of empowering a billion software developers.
