Feature: Use vscode Secret Storage to store passwords, instead of Windows Credential Manager

[cheenamalhotra]

• Azure Data Studio Version: 1.39.1
• OS Version: Windows 11

Identified in https://github.com/microsoft/azuredatastudio/issues/20972#issuecomment-1291276907, after exhausting limits of saved credentials by ADS in Windows (with password/ azure tokens), even on clicking 'Remember Password' for a new server/db, new connections don't save credentials to credential manager anymore.

Steps to Reproduce:

• Create 20+ databases and keep on saving password for each database in connection profile with SQL Login for all the databases.
• Depending on how many passwords you already have saved, after a certain limit, remembering passwords will no longer work. New passwords will no longer be saved.

Mitigation

• Removing saved credentials allow saving new passwords.

Solution

• Use vscode secretstorage to store passwords instead or look into storage expansion options. It seems VS Code is capable of expanding it's storage after hitting the limit.

Expected Behavior: Saving passwords/access tokens should always work!

[Charles-Gagnon]

How exactly are you seeing this surface? I have way more than 20 stored in Windows Credential Manager

and I haven't seen any problems. Given that VS Code uses credential manager for storing secrets from extensions if there really was a limit of 20 that'd pretty much make that feature unusable.

[cheenamalhotra]

I am able to reproduce this also with the CredentialManager PS Module. Error Code 8 points to ERROR_NOT_ENOUGH_MEMORY so that makes sense. But as you can see the limit seems to be 14 for me... I cannot create any more credentials after this error from any PS session and it stays stuck at 15th.

Install-Module CredentialManager -force
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle1' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle2' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle3' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle4' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle5' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle6' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle7' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle8' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle9' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle10' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle11' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle12' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle13' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle14' -UserName * -Password 'anything' -Persist LocalMachine
New-StoredCredential -Target 'Microsoft.SqlTools|itemtype:Profile|id:providerName:Oracle15' -UserName * -Password 'anything' -Persist LocalMachine

Can you run this at your end and share output if your env is working differently?

[cheenamalhotra]

Related topic: https://learn.microsoft.com/en-us/answers/questions/896113/github-issue-microsoft-visual-studio-we-could-not.html

[Charles-Gagnon]

Well that's super weird. Honestly though - if we're going to be looking into this I would highly suggest we look at using the extension secret storage instead of this separate service. That way we keep all our credential management in the app in the same place and avoid the overhead of making these RPC calls and having to start up an EXE just for that.

I'll try to find some time for trying to repro this issue myself at some point later, will update on my findings.

[cheenamalhotra]

It seems VS Code is capable of expanding Storage on Windows, as soon as it hits this error, something we should also look into for Azure Data Studio. I noticed this error in VSCode MSSQL extension, and it did not reappear even after adding 5-6 more credentials.