vscode-sftp icon indicating copy to clipboard operation
vscode-sftp copied to clipboard

Published 20 hours ago verified publisher icon Natizyskunk

Save SSH passwords

Open Entretoize opened this issue 1 year ago • 7 comments

Is this a similar or duplicate feature request?

  • [x] No.

Is your feature request related to a problem? Please describe. I'm working on several projects and I can't remember all passwords

Describe the solution you'd like When connecting to a new server the password should be asked once, encrypted with a master password and stored. When connecting to a known server, saved password should be decrypted and used, and asked only if not working. Master password should be asked instead of the server one when encrypted password exists.

Describe alternatives you've considered Pasting post-its all around my screen to have all passwords available...

Does this project help you?

  • [x] Yes. SFTP IS AWESOME!

Entretoize avatar Feb 27 '24 09:02 Entretoize

Created a patch : https://github.com/Natizyskunk/vscode-sftp/compare/develop...Entretoize:vscode-sftp:patch-3

Entretoize avatar Mar 12 '24 15:03 Entretoize

this sounds like you want SSH-keys (or if you already use them, an SSH-Agent).

This would be to much of a security risk to handle on a extension level IMHO

Cube707 avatar Apr 18 '24 08:04 Cube707

I wont be able to access a shared hosting with ssh-keys. Because hosting provider don't give them.

Entretoize avatar Apr 18 '24 08:04 Entretoize

@Entretoize instead of saving the passwords in a txt file a better solution would be to use the Secrets VS Code API https://code.visualstudio.com/api/references/vscode-api#SecretStorage The API will save and encrypt the passwords.

rbrn-pd avatar Jun 14 '24 03:06 rbrn-pd

This would be to much of a security risk to handle on a extension level IMHO

The Secrets VS Code API https://code.visualstudio.com/api/references/vscode-api#SecretStorage was created so extensions can handle this situations in a safe way.

rbrn-pd avatar Jun 14 '24 03:06 rbrn-pd

I think storing aes256 encrypted password in a text file is a safe way to. How the secretstorage works ? I don't find information about it, it doesn't seem to ask for an encryption password, so what is it using ?

Entretoize avatar Jun 14 '24 05:06 Entretoize

Hi @Entretoize The secrets API utilizes Electron Safe Storage to encrypt passwords. The VS Code API already handles encryption/decryption and storage. Therefore, the method proposed in the PR seems redundant. I'm not suggesting that the PR method is incorrect or unsafe; rather, given that this is a VS Code extension, utilizing the existing API should take precedence as it offers a better user experience and Microsoft will handle everything related to bug/security fixes.

rbrn-pd avatar Jun 14 '24 18:06 rbrn-pd