Credentials should *not* be stored in plaintext, much less synced into GitHub as a public gist #482
Assignees
Labels
enhancement
New feature or request
Comments
|
Hi @ELLIOTTCABLE, I hope this will be fixed in #515. Btw, vscode has built-in settings-sync feature, so you doesn't need to use extension that pushes them to Gist. Btw2, my gist was private: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At the moment, this (and several other drivers) store creds in plaintext — and worse, when Settings Sync is enabled, they can get sync'd to a public GitHub gist.
(See: mtxr/vscode-sqltools#210, mtxr/vscode-sqltools#479, mtxr/vscode-sqltools#927 …)
There's a new-ish API upstream that you can use for this, to properly behave as an AuthenticationProvider; see mtxr/vscode-sqltools#1066 for an example implementation.
This is pretty critical for us, ugh; but please don't take that too aggressively — I recognize this is a best-effort FOSS project. Take care of yourself. 💜
The text was updated successfully, but these errors were encountered: