Provide a secret storage for extensions outside of settings.json #49359
Assignees
Labels
*duplicate
Issue identified as a duplicate of another issue(s)
Comments
|
/duplicate #31131 Thanks for sharing your input. Unfortunately this is currently out of scope. |
vscodebot
bot
added
the
*duplicate
|
Thanks for creating this issue! We figured it's covering the same as another one we already have. Thus, we closed this one as a duplicate. You can search for existing issues here. See also our issue reporting guidelines. Happy Coding! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This issue is related to #15909 but I think it deserves special attention, therefore I'm creating a new issue.
A very strong point for split configurations is the handling of secrets which are stored within the settings.json by some extensions. One example for this is Github gist extension which stores an oauth token. Many people have already shared their settings.json including this exact token, which you can confirm yourself in less than a minute.
I'm certain most cases are not intentional by the user who shared their Github gist token in this way, and that they simply were not aware of it being there in the first place.
A short-term solution would be to make the settings extensible as described in #15909. This way people could split their tokens out manually.
A proper solution would be to provide a secret storage API which they could use, and which would be encrypted with a user provided password, hooked into gnupg2, or any other similar secure implementation.
The text was updated successfully, but these errors were encountered: