Save SSH passwords - Githubissues

Natizyskunk / vscode-sftp

Super fast sftp/ftp extension for VS Code

Other

373 stars 68 forks source link

Save SSH passwords #473

Open Entretoize opened 4 months ago

Entretoize commented 4 months ago

Is this a similar or duplicate feature request?

[x] No.

Is your feature request related to a problem? Please describe. I'm working on several projects and I can't remember all passwords

Describe the solution you'd like When connecting to a new server the password should be asked once, encrypted with a master password and stored. When connecting to a known server, saved password should be decrypted and used, and asked only if not working. Master password should be asked instead of the server one when encrypted password exists.

Describe alternatives you've considered Pasting post-its all around my screen to have all passwords available...

Does this project help you?

[x] Yes. SFTP IS AWESOME!

Entretoize commented 3 months ago

Created a patch : https://github.com/Natizyskunk/vscode-sftp/compare/develop...Entretoize:vscode-sftp:patch-3

Cube707 commented 2 months ago

this sounds like you want SSH-keys (or if you already use them, an SSH-Agent).

This would be to much of a security risk to handle on a extension level IMHO

Entretoize commented 2 months ago

I wont be able to access a shared hosting with ssh-keys. Because hosting provider don't give them.

rbrn-pd commented 2 weeks ago

@Entretoize instead of saving the passwords in a txt file a better solution would be to use the Secrets VS Code API https://code.visualstudio.com/api/references/vscode-api#SecretStorage The API will save and encrypt the passwords.

rbrn-pd commented 2 weeks ago

This would be to much of a security risk to handle on a extension level IMHO

The Secrets VS Code API https://code.visualstudio.com/api/references/vscode-api#SecretStorage was created so extensions can handle this situations in a safe way.

Entretoize commented 2 weeks ago

I think storing aes256 encrypted password in a text file is a safe way to. How the secretstorage works ? I don't find information about it, it doesn't seem to ask for an encryption password, so what is it using ?

rbrn-pd commented 2 weeks ago

Hi @Entretoize The secrets API utilizes Electron Safe Storage to encrypt passwords. The VS Code API already handles encryption/decryption and storage. Therefore, the method proposed in the PR seems redundant. I'm not suggesting that the PR method is incorrect or unsafe; rather, given that this is a VS Code extension, utilizing the existing API should take precedence as it offers a better user experience and Microsoft will handle everything related to bug/security fixes.