Third-party authentication tokens/files pass through

[teran]

Hello,

First of all thanks for such a wonderful project allowing to use VS Code literally everywhere!

I'm wondering how I can utilise it for some private projects as long as keeping private keys and tokens private, here's the use case I have:

I'm going to use coder-server behind nginx with Google OAuth2 authentication at the same time I have third-party SSH server powered by Phabricator requiring it's own PHP-based CLI with authentication by token and SSH key to access git(+ssh).

So In my imagine it should be possible to store encrypted SSH key file and arcanist (that's how that PHP-based CLI is called) configuration with token in browser's web storage and decrypt them upon request (with FUSE-based filesystem for instance).

The main goal here is not to store any authentication and private data (expect git repositories) on the system which hosts coder-server.

It looks like it will require the following components to develop:

• FUSE-based FS to provide sensitive data as files
• Some kind of middleware to retrieve the data from browser's web storage

Could you please provide some feedback about the whole idea or probably provide any solution if it's know for such case?

Thanks in advance.

[code-asher]

The closest existing (and most secure) solution I can think of is to do SSH forwarding from the client. I don't know of anything that mounts browser storage to a remote file system although it sounds like a really cool idea.

[teran]

Hm... using SSH is not a best way for iPads or probably even Androids...
Anyway thanks for the feedback!

[code-asher]

There are applications that support SSH tunneling and key forwarding for both iOS and Android (I haven't used the iOS ones personally though).

But even so I agree it's not as user-friendly as being able to just open a browser!