Extension secrets are lost on workspace restart #22837

Closed
vitaliy-guliy opened this issue Feb 21, 2024 · 2 comments
Labels
kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system. team/B This team is responsible for the Web Terminal, the DevWorkspace Operator and the IDEs.

Comments

vitaliy-guliy commented Feb 21, 2024

Describe the bug

Some extensions are using the Secrets Plugin API https://code.visualstudio.com/api/advanced-topics/remote-extensions#persisting-secrets

It seems that at the moment secrets are not persisted to the file system / secret storage and appear to be lost when the workspace restarts.

Che version

7.81@latest

Steps to reproduce

I prepared a simple extension to test the bug https://github.com/vitaliy-guliy/vscode-test-extension/tree/persisting-secrets

To test you need:

  • create a workspace with the repository
  • using the devfile commands, install node dependencies and then compile the extension
  • launch the extension, add a secret using the provided command
  • restart the workspace
  • launch the extension again and try to get the secret

Expected behavior

Secrets must be persisted

Runtime

other (please specify in additional context)

Screenshots

No response

Installation method

other (please specify in additional context)

Environment

other (please specify in additional context)

Eclipse Che Logs

No response

Additional context

Dev Spaces JIRA - https://issues.redhat.com/browse/CRW-5942

@vitaliy-guliy vitaliy-guliy added kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system. team/B This team is responsible for the Web Terminal, the DevWorkspace Operator and the IDEs. labels Feb 21, 2024
@vitaliy-guliy vitaliy-guliy self-assigned this Feb 21, 2024
ibuziuk commented Apr 19, 2024

@vitaliy-guliy could you please provide investigation details why secrets are not working correctly in che-code?

@vitaliy-guliy
It's a copy of my comment from https://issues.redhat.com/browse/CRW-5942

Having investigated a bit, I can say that if we clone the vscode or che-code sources, build the web version as it is and run it, the secrets will not be persisted because it is configured to save them in memory.
To prove this I can briefly point at the sources with a comment
https://github.com/microsoft/vscode/blob/main/src/vs/workbench/services/secrets/browser/secretStorageService.ts#L25-L27

What can we do here to make secrets persisted?

  1. Invest some additional time to investigate the question a bit more deeply and check whether it is possible to configure the services to store secrets somewhere else. It could be a browser-based storage, or even better to keep the secrets somewhere on the file system.

From the technical side, I see it is possible to configure the secret storage provider here
https://github.com/microsoft/vscode/blob/main/src/vs/code/browser/workbench/workbench.ts#L584
to change the behavior here
https://github.com/microsoft/vscode/blob/main/src/vs/workbench/services/secrets/browser/secretStorageService.ts#L30
but I did not dig deep into the configuration.

  2. If option [1] does not give a result, override BrowserSecretStorageService, inherit get/set/delete methods and implement storing the extension secrets as a kubernetes secret. The service could be reinitialized here
    https://github.com/microsoft/vscode/blob/main/src/vs/workbench/browser/web.main.ts#L418

From my point of view, storing secrets as a kubernetes secret will be the most secure option and, if it is necessary, the secrets could be shared between workspaces.
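
An added example, not code from vscode, che-code or the issue author: a provider with the get/set/delete shape named in the comment above that keeps secrets in a file, so a second instance on the same file (standing in for a workspace restart) still returns the value. The interface name, the `type` field, the class name and the file location are assumptions.

```typescript
import * as fs from 'fs';
import * as os from 'os';
import * as path from 'path';

// Local stand-in for a provider with get/set/delete; name and `type` field are assumptions.
interface SecretProvider {
  readonly type: 'in-memory' | 'persisted';
  get(key: string): Promise<string | undefined>;
  set(key: string, value: string): Promise<void>;
  delete(key: string): Promise<void>;
}

// Hypothetical file-backed provider. Values are plaintext on disk,
// protected only by the 0600 file mode.
class FileSecretProvider implements SecretProvider {
  readonly type = 'persisted' as const;
  private readonly file: string;
  constructor(file: string) { this.file = file; }

  // Load the whole store; a missing file means "no secrets yet".
  private load(): Map<string, string> {
    try {
      return new Map(JSON.parse(fs.readFileSync(this.file, 'utf8')) as [string, string][]);
    } catch (e) {
      if ((e as { code?: string }).code !== 'ENOENT') { throw e; }
      return new Map();
    }
  }

  // Write a temp file with mode 0600, then rename so readers never see a partial file.
  private save(store: Map<string, string>): void {
    const tmp = `${this.file}.${process.pid}.tmp`;
    fs.writeFileSync(tmp, JSON.stringify(Array.from(store.entries())), { mode: 0o600 });
    fs.renameSync(tmp, this.file);
  }
  getSync(key: string): string | undefined { return this.load().get(key); }
  setSync(key: string, value: string): void { this.save(this.load().set(key, value)); }
  deleteSync(key: string): void { const s = this.load(); if (s.delete(key)) { this.save(s); } }
  async get(key: string) { return this.getSync(key); }
  async set(key: string, value: string) { this.setSync(key, value); }
  async delete(key: string) { this.deleteSync(key); }
}

// Constructed demo: a second instance on the same file stands in for a workspace restart.
function secretAfterRestart(dir: string = fs.mkdtempSync(path.join(os.tmpdir(), 'secrets-'))) {
  const file = path.join(dir, 'secrets.json');
  new FileSecretProvider(file).setSync('test-extension/token', 'constructed-value');
  return new FileSecretProvider(file).getSync('test-extension/token');
}
```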
