Add initial support for Get-Credential #114
Comments
Seems like VSCode could use a generic mechanism to get credentials not just for this extension either. I've been trying VSCode's Git support on Linux. When my cached credentials expire, Git commands in VSCode fail (when it could prompt for credentials). I have to go into Bash and re-enter my credentials. Then Git in VSCode works for a while longer.
Yeah, the problem is that even if they provide a secure way to enter credentials I still need to have a secure way to send them to the host process. Might be able to try public-key encryption but that will take some effort to get going.
If the VSCode side supported this then I could imagine them using DPAPI to encrypt the creds and then we'd use DPAPI to decrypt. However the limitation with DPAPI is it is per user and per machine. So it wouldn't work in the case of the extension running on a different box. I wonder if it makes sense at some point if the stdio between VSCode and extension happened via SSH? Disclaimer - I can barely spell SSH and have only a vague idea what it is. So if that idea makes no sense at all, apologies in advance. :-)
DPAPI could be a decent solution on the local machine, I might ask the VS Code team about that. As far as SSH is concerned, I was considering the possibility of using that for remote stdio communication (or potentially WebSockets over SSL), so we'll be able to get an encrypted remote channel one way or another. Local SSH is an interesting idea but would probably require more setup work for the user.
Unfortunately this needs to be moved to 0.5.0 as I ran out of time to get it done.
For what it's worth - if you try to do the same thing in Visual Studio 2013 with PowerShell Tools installed it does prompt you for secure and even non-secure things in a modal as you've described while debugging. It's not a terrible solution all things considered. Thanks! ..looking forward to this one so I can switch to VS Code.
Yep, I've considered using a similar approach, but the upcoming interactive terminal experience for VS Code should hopefully circumvent the need for that. If that doesn't pan out then I'll definitely go for the modal dialog experience.
Are there any timelines for the upcoming interactive terminal experience?
Current goal is to have a first release of it out by the end of February, I'll be starting on it next week.
This has been implemented, release should happen tomorrow!
Release 0.5.0
Get-Credential support is often necessary for users who are writing administrative scripts. I don't currently have a good idea for how to implement this securely via the host protocol because it might require plaintext credentials crossing process boundaries. I'll need to consult security experts before I'll feel safe building a general solution.

A better short-term solution would be to have the language/debugging service process raise a WPF dialog which can handle the credentials securely in-process. The user experience of this may be slightly poor due to having a modal window appear which isn't attached to the editor client process, but it's better in the short term than passing credentials in an insecure way.
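
The DPAPI idea raised in the comments above, sketched as an added example; it is not code from this thread or from the extension. It assumes Windows PowerShell, uses a constructed user name and password, and uses Start-Job as a stand-in for the separate host process.

```powershell
# Windows only: with no -Key/-SecureKey, ConvertFrom-SecureString protects the
# string with DPAPI, bound to the current user on the current machine.

# Constructed sample credential; in real use this would come from Get-Credential.
$samplePlaintext = 'constructed-sample-password'
$password = ConvertTo-SecureString $samplePlaintext -AsPlainText -Force
$cred = [pscredential]::new('CONTOSO\sample.user', $password)

# Sender side: build the message that crosses the process boundary.
# The password field is a DPAPI-protected blob, not the plaintext.
$message = [pscustomobject]@{
    UserName = $cred.UserName
    Password = $cred.Password | ConvertFrom-SecureString
} | ConvertTo-Json -Compress

if ($message.Contains($samplePlaintext)) {
    throw 'plaintext password leaked into the message'
}

# Receiver side: runs in a separate process (Start-Job spawns one) as the
# same user on the same machine, so DPAPI can unprotect the blob there.
$receiver = {
    param([string]$json)
    $msg = $json | ConvertFrom-Json
    try {
        $secure = $msg.Password | ConvertTo-SecureString -ErrorAction Stop
        $restored = [pscredential]::new($msg.UserName, $secure)
        "restored credential for $($restored.UserName)"
    }
    catch {
        # This branch is what a different user account or a different machine
        # hits: the blob cannot be unprotected outside its original context.
        "cannot decrypt credential blob in this user/machine context"
    }
}

Start-Job -ScriptBlock $receiver -ArgumentList $message |
    Receive-Job -Wait -AutoRemoveJob
```

The catch branch is the per-user, per-machine limitation mentioned in the comments: the same message handed to a host process on another box, or under another account, cannot be decrypted.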