Provide a unified, secure, credential store

[avodovnik]

At the moment, extension who need access to various resources need to implement their own credential storage, e.g. for storing tokens. For example, the VSTS extension does this, and what we want to implement in the (community-driven) Azure tools for Vscode, also looks like we'd need to it, to avoid having users sign-in into Azure every single session.

What I'd expect, is the platform (Vscode) to provide a unified interface for secure credential service (ideally something that looks like this: https://github.com/Microsoft/vsts-vscode/blob/master/src/credentialstore/credentialstore.ts)

[bpasero]

@avodovnik this should probably move into the Electron framework, have you guys thought about contributing it to them?

[joaomoreno]

cc @michelkaporin

[michelkaporin]

It would be great to enable it in our API.

As part of smoket test status awareness I've worked on VSTS Build Status extension, that stores password in settings currently, which is not secure.
Visual Studio Team Services Extension had to code their own credential store themselves to tackle the problem. However, their solution is not easily reusable by other extensions as long as it's not extracted in a separate module. Better option would be to have VS Code API that surfaces Credential Store.

There is W3C draft on credentials API (https://w3c.github.io/webappsec-credential-management/), however it is not implemented in Electron, and seems unlikely that it will be there soon. There is an issue on that in their repo electron/electron#7150.

As an option, we can go for keytar node module that provides very intuitive and simple interface to work with system's keychain, that we can surface in our API.

This has a potential in Azure Attach extensions as well as any others that require secure credential store (e.g. SCM extensions).

cc @egamma @chrisdias @kieferm

[chrisdias]

//cc @lostintangent

[bpasero]

@chrmarti this can be closed?

[chrmarti]

Yes, not planned in the near future.