rubberduck-ai / rubberduck-vscode

Use AI-powered code edits, explanations, code generation, error diagnosis, and chat in Visual Studio Code with the official OpenAI API.
https://marketplace.visualstudio.com/items?itemName=Rubberduck.rubberduck-vscode
MIT License
607 stars 77 forks source link

Sync API Key #71

Open BenjaminHoegh opened 1 year ago

BenjaminHoegh commented 1 year ago

Make Rubberduck sync OpenAI API Key, this will help preventing the need of having multiple keys for each computer

lgrammel commented 1 year ago

The use case makes sense. However, I don't see how this can be done without compromising security. Let me know if there is a secure way to sync between vscode instances.

BenjaminHoegh commented 1 year ago

You could make use of the user settings.json that syncs over GitHub or MS Account. This will make sure non-other than the specific user has access to the settings. But the drawback is that every extension will have access, so here we may use encryption and use a password to unlock it, this password could be then only stored in Rubberduck so that you just have to verify new machines to get access to it

lgrammel commented 1 year ago

And how would entering that password be different from entering an API key (which you can store in any secure password manager such as 1Password)?

I don't like the thought of making an open source tool more complex than needed in a critical area such as security. Any mistake here is open to be exploited, which is why I want to keep it simple and just use the standard vscode secrets API.