Open BenjaminHoegh opened 1 year ago
The use case makes sense. However, I don't see how this can be done without compromising security. Let me know if there is a secure way to sync between vscode instances.
You could make use of the user settings.json that syncs over GitHub or MS Account. This will make sure non-other than the specific user has access to the settings. But the drawback is that every extension will have access, so here we may use encryption and use a password to unlock it, this password could be then only stored in Rubberduck so that you just have to verify new machines to get access to it
And how would entering that password be different from entering an API key (which you can store in any secure password manager such as 1Password)?
I don't like the thought of making an open source tool more complex than needed in a critical area such as security. Any mistake here is open to be exploited, which is why I want to keep it simple and just use the standard vscode secrets API.
Make Rubberduck sync OpenAI API Key, this will help preventing the need of having multiple keys for each computer