Server Explorer

[mvhenderson]

I would prefer not to store username/password in plain text files, especially ones that could get checked into source control by accident.

This isn't an issue specific to this extension - most extensions needing credentials or API tokens face this issue. (A notable exception is the git extension which is able to leverage the ssh-agent) The VSCode issues list has many items related to this, but no consensus on a "secure token" API.

As a stop-gap I propose adding a "server manager" node to vscode-objectscript settings. Something like this:

{
	"objectscript.servers": {
		"REMOTE": {
			"host": "example.com",
			"port": 50443,
			"username": "devel",
			"password": "secret",
			"https": true
		},
		"LOCAL": {
			"host": "localhost",
			"port": 57772,
			"username": "_SYSTEM",
			"password": "SYS",
			"https": false
		}
	}
}

If this is limited to core ~/.vscode/settings.json and not overridable by workspace/folder it would reduce the chance of credentials leaking via SCM. Then .code-workspace files could reference these servers:

{
	"folders": [
		{
			"name": "local",
			"path": "."
		},{
			"uri": "isfs://${REMOTE}?ns=USER",   //pseudo template string
			"name": "remote"
		}
	],
	"settings": {
		"objectscript.conn": {
			"active": true,
			"ns": "USER",
			"server": "LOCAL"   //explicit server name key
		}
	}
}

[daimor]

At the moment you if VSCode don't able to connect by authentication reason, it should ask you for the password and store in current session.

By default it uses default password, which can be changed globally for user. And if no password settings in lower levels such as workspace and folder, it will reuse user's settings.

Does it make sense?
Can it help?

[mvhenderson]

It works, but my goal here is to pull the entire "connection string" out of workspace/folder settings into user settings, which would in the future use a VSCode API for secure tokens.

[daimor]

It's very tricky at the end. Developers may have completely different own settings, with the same names. And then it may cause some other issues.

So, still sure, that the best way would be to keep it in the .code-workspace file, which can be outside of the folder with source control.

[gjsjohnmurray]

@mvhenderson please try the new feature in 0.8.7 which allows it to use intersystems.servers connection definitions, whose passwords can be stored in your local keystore/keychain courtesy of the InterSystems Server Manager partner extension.

[gjsjohnmurray]

@mvhenderson 0.8.8 is now published, fixing some bugs in the initial release of intersystems.servers feature. Please update and let us know the status of this issue.

[gjsjohnmurray]

Storage of password in keychain arrived in 0.8.7. Closing.

[mvhenderson]

@gjsjohnmurray finally had a chance to test - this works perfectly for my needs. thanks.