Provide a unified, secure, credential store #15414

Closed
avodovnik opened this issue Nov 12, 2016 · 6 comments
@avodovnik

avodovnik commented Nov 12, 2016

At the moment, extensions that need access to various resources need to implement their own credential storage, e.g. for storing tokens. For example, the VSTS extension does this, and for what we want to implement in the (community-driven) Azure tools for Vscode, it also looks like we'd need to do it, to avoid having users sign in to Azure every single session.

What I'd expect is for the platform (Vscode) to provide a unified interface for a secure credential service (ideally something that looks like this: https://github.com/Microsoft/vsts-vscode/blob/master/src/credentialstore/credentialstore.ts)

@aeschli aeschli added the feature-request Request for new features or functionality label Nov 14, 2016
@bpasero
Member

bpasero commented Nov 14, 2016

@avodovnik this should probably move into the Electron framework, have you guys thought about contributing it to them?

@bpasero bpasero removed their assignment Nov 14, 2016
@joaomoreno joaomoreno added the api label Jun 26, 2017
@joaomoreno
Member

cc @michelkaporin

@michelkaporin
Contributor

michelkaporin commented Jun 27, 2017

It would be great to enable it in our API.

As part of smoke test status awareness I've worked on the VSTS Build Status extension, which currently stores the password in settings, which is not secure.
The Visual Studio Team Services Extension had to code their own credential store themselves to tackle the problem. However, their solution is not easily reusable by other extensions as long as it's not extracted into a separate module. A better option would be to have a VS Code API that surfaces a Credential Store.

There is a W3C draft on a credentials API (https://w3c.github.io/webappsec-credential-management/), however it is not implemented in Electron, and it seems unlikely that it will be there soon. There is an issue on that in their repo: electron/electron#7150.

As an option, we can go for the keytar node module, which provides a very intuitive and simple interface to work with the system's keychain, that we can surface in our API.

This has potential in Azure Attach extensions as well as any others that require a secure credential store (e.g. SCM extensions).

cc @egamma @chrisdias @kieferm

@chrisdias
Member

//cc @lostintangent

@bpasero
Member

bpasero commented Nov 16, 2017

@chrmarti this can be closed?

@bpasero bpasero removed the workbench label Nov 16, 2017
@chrmarti
Collaborator

Yes, not planned in the near future.

@vscodebot vscodebot bot locked and limited conversation to collaborators Dec 31, 2017