Editors

Trestle integrates with editors in two ways: a dedicated extension for Visual Studio Code, and a Language Server Protocol implementation that works with any LSP-compatible editor. Both report findings as inline diagnostics, using the same scanner and rules as the command line.

Visual Studio Code

Install the Trestle extension from the Visual Studio Marketplace.

The extension includes the Trestle Community binary for the current platform, so no further setup is required after installing. Open any file in the editor and findings appear inline. Hover a finding to see the credential type and the rule that matched.

Using a different binary

The extension resolves the trestle binary in this order:

  1. The path set in trestle.path, when present.
  2. trestle on the system PATH.
  3. The Community binary included with the extension.

To use the Pro edition through the extension, install the Pro binary. The Pro installer places trestle on the system PATH, so the extension uses it after the next restart with no further configuration. To pin a specific binary (for example, when multiple versions are installed side by side), set trestle.path to its absolute path.

Settings

trestle.path

Absolute path to a specific trestle executable. When empty (the default), the extension uses the resolution order above.

trestle.trace

When set to true, the extension logs every message exchanged with the language server along with extra diagnostic information. Enable it when reporting a problem. Disabled by default.

Commands

Trestle: Restart Language Server

Reloads the path to the trestle binary and restarts the language server. Run it after changing trestle.path or after upgrading the binary.

Other editors (LSP)

Any editor with LSP support can use Trestle. Configure the editor to launch:

trestle lsp

The server communicates over stdio and publishes diagnostics for every file in the workspace. Setup details vary by editor. The sections below cover the common cases.
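To check the server outside any editor, the stdio exchange can be driven by hand. The script below is an added example, not part of Trestle: it uses standard LSP Content-Length framing, and it assumes the server publishes diagnostics for a file once it is opened and echoes the same URI. The function names are hypothetical.

```python
import json
import pathlib
import subprocess


def frame(msg):
    """Encode one JSON-RPC message with the LSP Content-Length header."""
    body = json.dumps(msg).encode("utf-8")
    return b"Content-Length: %d\r\n\r\n" % len(body) + body


def read_message(stream):
    """Read one framed message from a binary stream; None at end of stream."""
    length = None
    while (line := stream.readline()) not in (b"\r\n", b"\n"):
        if not line:
            return None
        name, _, value = line.decode("ascii").partition(":")
        if name.strip().lower() == "content-length":
            length = int(value)
    if length is None:
        raise ValueError("header block without Content-Length")
    return json.loads(stream.read(length))


def collect_diagnostics(stream, uri):
    """Diagnostics from the first publishDiagnostics for uri, or None at EOF."""
    while (msg := read_message(stream)) is not None:
        if msg.get("method") == "textDocument/publishDiagnostics" and msg["params"]["uri"] == uri:
            return msg["params"]["diagnostics"]


def smoke_test(path, cmd=("trestle", "lsp")):
    """Open one file in the server; blocks until it publishes or exits."""
    uri = pathlib.Path(path).resolve().as_uri()
    doc = {"uri": uri, "languageId": "plaintext", "version": 1,
           "text": pathlib.Path(path).read_text(encoding="utf-8")}
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    def send(method, params, **extra):
        proc.stdin.write(frame({"jsonrpc": "2.0", "method": method, "params": params, **extra}))
        proc.stdin.flush()
    try:
        send("initialize", {"processId": None, "rootUri": None, "capabilities": {}}, id=1)
        while (reply := read_message(proc.stdout)) is not None and reply.get("id") != 1:
            pass  # skip notifications sent before the initialize response
        send("initialized", {})
        send("textDocument/didOpen", {"textDocument": doc})
        return collect_diagnostics(proc.stdout, uri)
    finally:
        proc.kill()
```

Call smoke_test with the path of a file to scan. Pass cmd with an absolute path as its first element to test one specific binary rather than whichever trestle is first on PATH.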

Neovim

With nvim-lspconfig, register Trestle as a custom server and attach it to the file types to be scanned. The command is trestle lsp, with no additional arguments.

Helix

Add Trestle as a language server in languages.toml and reference it from each language's language-servers list. The command is trestle with the single argument lsp.

Zed

Register Trestle as an external language server in the Zed settings and attach it to the languages to be scanned.

JetBrains IDEs

Use the built-in LSP support (available in IntelliJ IDEA Ultimate, PyCharm Professional, and other paid editions) to register trestle lsp as a language server.

Pro

Trestle is open core. The Community edition detects credentials and reports their location. The Pro edition adds remediation guidance: for every finding, the steps to remove the secret from source, what to keep in a local .env, and per-platform rotation instructions for the deployment targets detected in the repository (AWS, GitHub Actions, Vercel, Netlify, Kubernetes, Doppler, and others).

See Pricing for what is included in the Pro edition and how to purchase it.

The Pro edition is a drop-in replacement for the Community binary. After purchasing Pro, install the Pro binary and register the license once per machine:

trestle register YOUR-LICENSE-KEY

The key is saved to the user's configuration directory and applies to every subsequent trestle invocation on that machine. Use trestle license-info to see the saved license's status. For one-off use without saving (for example, in CI), pass --license-key on the command line.

Once a license is registered, the --explain option on trestle scan includes remediation guidance with each finding, and editor integrations display the guidance in their diagnostics and hovers.