Sync API Key

Question

Sync API Key

BenjaminHoegh opened this issue 2 years ago · 3 comments

Make Rubberduck sync OpenAI API Key, this will help preventing the need of having multiple keys for each computer

Answer 1 · 2023-03-10T16:53:44.000Z

The use case makes sense. However, I don't see how this can be done without compromising security. Let me know if there is a secure way to sync between vscode instances.

Answer 2 · 2023-03-12T10:17:23.000Z

You could make use of the user settings.json that syncs over GitHub or MS Account. This will make sure non-other than the specific user has access to the settings. But the drawback is that every extension will have access, so here we may use encryption and use a password to unlock it, this password could be then only stored in Rubberduck so that you just have to verify new machines to get access to it

Answer 3 · 2023-03-12T10:39:33.000Z

And how would entering that password be different from entering an API key (which you can store in any secure password manager such as 1Password)?

I don't like the thought of making an open source tool more complex than needed in a critical area such as security. Any mistake here is open to be exploited, which is why I want to keep it simple and just use the standard vscode secrets API.