Keeper Security’s new Visual Studio Code extension brings secure secrets management straight into the coding environment, giving developers a way to handle credentials without bouncing between tools. At its core, the update reduces the everyday risks that come with storing API keys, tokens, and other sensitive information in the wrong place. It also aligns development teams with zero-trust expectations without adding friction to their workflow. Bringing secrets management into the IDE will give MSPs and MSSPs a practical way to cut down on this risk without forcing developers to change how they work.
Bringing Zero-Trust Controls Directly Into the IDE
Eric Kalseth, Senior Director of Global MSP Sales at Keeper Security, frames the update as a practical step toward closing long-standing gaps in how development teams protect credentials. He told MSSP Alert that the team designed the extension so developers don’t have to break their flow.
“The Keeper Security Visual Studio Code extension brings zero-trust secrets management directly into the coding environment,” he explains. “Developers can securely store, retrieve, and generate secrets from their Keeper Vault without leaving VS Code, which eliminates the need to hardcode credentials or store them in plain text.”
Kalseth’s emphasis on eliminating manual handling reflects a pattern across many engineering teams: credentials tend to leak not because of technical flaws, but because people copy, paste, reuse, or stash sensitive strings in places they shouldn’t. By highlighting automatic detection of exposed API keys and tokens, he points to a problem developers often spot too late, usually during code review or, worse, after deployment. “Embedding these capabilities into the development workflow helps teams prevent secret sprawl, maintain compliance, and protect credentials in real time while coding,” he says.
He also notes that the extension is simple to adopt because it’s available in both the Visual Studio Marketplace and the Open VSX Registry. That accessibility matters, especially for teams using VS Code derivatives like Cursor, where developers already expect their tooling to follow them across environments. Bringing encrypted vault access directly into the IDE lets teams manage secrets consistently across projects and languages without reinventing their process.
What the Integration Means for MSPs and Application Security
For MSSPs, MSPs, and partners, the extension offers a clearer way to enforce security guardrails on the development side of their clients’ environments. Kalseth says the focus was on extending zero-trust controls without creating extra work or forcing new workflows. “The VS Code integration extends zero-trust secrets management directly into developer workflows without adding complexity or disrupting existing processes,” he says. “It enables MSPs to reduce client risk by preventing secret sprawl, enforcing least-privilege access, and supporting compliance throughout the software development lifecycle.”
His comments point to a common challenge for MSSPs and MSPs: they’re often responsible for securing environments they don’t fully control, including code that their clients build internally. Placing enterprise-grade protections directly inside a developer’s editor gives MSPs something they rarely have - predictability. Instead of relying on policy alone, they can lean on integrated tooling that enforces secure usage by default.
Kalseth also connects the extension to Keeper’s wider roadmap for privileged access and secrets management. The reality is that development teams work quickly and create credentials at a pace that traditional IT processes struggle to keep up with. “The VS Code extension strengthens Keeper’s vision to simplify security across the enterprise by bringing privileged access and secrets management into the developer workflow,” he says, making clear that this release isn’t an isolated update but part of a longer-term strategy.
He adds that the move aligns with a broader industry trend toward consistent, zero-trust protection across all users and systems. “By extending the same level of protection used by IT and security teams to development environments, organizations can reduce complexity, improve compliance and maintain consistent controls across users, devices and infrastructure.” That means fewer blind spots, fewer opportunities for credential misuse, and fewer surprises when MSPs audit or monitor client environments.
Keeper’s extension is now live on the Visual Studio Marketplace and Open VSX Registry. For organizations using KeeperPAM, it directly connects developer workflows to the platform’s wider capabilities, including credential rotation, least-privilege enforcement and centralized visibility. For developers and MSPs, the value is clear: secrets stay protected inside the tools teams already rely on, without slowing down the work they need to deliver.