Validations
Problem
Currently, the Continue extension requires users to specify API keys for different LLM models in the config.json file in plain text. This poses a security risk, as sensitive credentials are stored in an unencrypted format.
Additional Context
If there’s already a recommended way to handle this securely, please advise. Otherwise, implementing one of the above solutions would improve security for all users.
Thanks for considering this feature request!
Solution
Proposed Solution
Would it be possible to:
1. Allow specifying an external file for API keys (e.g., .env or a secure config file)?
2. Support environment variables to load API keys dynamically?
3. Integrate with secure credential managers (e.g., OS keychain, vaults, or secret management tools)?
Benefits
• Reduces the risk of accidental credential leaks.
• Enhances security by keeping sensitive information separate from the main configuration file.
• Aligns with best practices for API key management.
Validations
Problem
Currently, the Continue extension requires users to specify API keys for different LLM models in the config.json file in plain text. This poses a security risk, as sensitive credentials are stored in an unencrypted format.
Additional Context
If there’s already a recommended way to handle this securely, please advise. Otherwise, implementing one of the above solutions would improve security for all users.
Thanks for considering this feature request!
Solution
Proposed Solution
Would it be possible to:
1. Allow specifying an external file for API keys (e.g., .env or a secure config file)?
2. Support environment variables to load API keys dynamically?
3. Integrate with secure credential managers (e.g., OS keychain, vaults, or secret management tools)?
Benefits
• Reduces the risk of accidental credential leaks.
• Enhances security by keeping sensitive information separate from the main configuration file.
• Aligns with best practices for API key management.