Hello :wave: I'm Tyler from the VS Code team. I'm opening this issue because you use the keytar shim that VS Code provides.
Keytar is officially archived and not being maintained... In an effort to promote good security practices by not depending on an archived piece of software for storing secrets, we are working on a plan to remove this shim from VS Code. We want to communicate this to you so we minimize the disruption due to this change, hence this issue. I know this isn't the best news... we had a fair amount of work to remove our dependency on keytar as well, but we believe this is the right thing to do to ensure extensions are using secure APIs.
There are a couple of options for you to consider:
(recommended) Use the SecretStorage API that VS Code provides on the ExtensionContext. This API is cross-platform and will work on all platforms that VS Code supports. It is also maintained by the VS Code team and will continue to be maintained and has been a part of the VS Code API for years at this point.
(not recommended) You can bundle the keytar module with your extension. Keep in mind that keytar is a native node module which means that you will need to publish a platform specific extension for each platform you want to support.
Timeline
The current plan is to remove this shim from VS Code Insiders in early July which means that August 2023's stable release will be the first release without the shim.
Questions?
If you have any questions, please feel free to ask them here. I will do my best to answer them as quickly as possible. Your cooperation is greatly appreciated :heart:
Hello :wave: I'm Tyler from the VS Code team. I'm opening this issue because you use the keytar shim that VS Code provides.
Keytar is officially archived and not being maintained... In an effort to promote good security practices by not depending on an archived piece of software for storing secrets, we are working on a plan to remove this shim from VS Code. We want to communicate this to you so we minimize the disruption due to this change, hence this issue. I know this isn't the best news... we had a fair amount of work to remove our dependency on keytar as well, but we believe this is the right thing to do to ensure extensions are using secure APIs.
There are a couple of options for you to consider:
Timeline
The current plan is to remove this shim from VS Code Insiders in early July which means that August 2023's stable release will be the first release without the shim.
Questions?
If you have any questions, please feel free to ask them here. I will do my best to answer them as quickly as possible. Your cooperation is greatly appreciated :heart: