Previewing Server Manager 3.0 for VS Code

The InterSystems Server Manager extension for Visual Studio Code lets you define connections to your servers, list their namespaces and edit or view code there. You can also launch Portal for a server.

Server Manager 3.0 improves security by becoming a VS Code Authentication Provider. It is my entry for the November 2021 InterSystems Security Contest. Click here to visit the contest page where you may decide to vote for this entry. Please ignore the clickable "Contestant" label on this article header above, as it relates to a different contest for new DC articles. If you want to support me in that contest, simply "like" this post.

Overview

The current Server Manager 2.0 is able to store connection passwords in the native keystore of your workstation's operating system. This is a more secure alternative to you putting them as plaintext in your JSON files. However, the `getServerSpec` function in Server Manager 2.0's API allows any installed extension to obtain these stored passwords without requiring your permission.

VS Code's Authentication Provider API, introduced in version 1.54 (February 2021) is now mature enough for us to use.

Server Manager 3.0 does the following:

1. Implements an authentication provider called 'intersystems-server-credentials'.
2. Uses this authentication provider when accessing servers from its own Server Tree.
3. No longer returns passwords to callers of `getServerSpec`.

Signing In

The first time you expand a server in the tree VS Code displays a modal dialog asking for your permission:

If you allow this and your server definition in intersystems.servers does not specify a `username` the next step is:

If you proceed, or if this step was skipped because your server definition includes a username, the next step is:

If you click the 'key' button after typing your password it will be saved securely in your workstation keychain, from where the 'InterSystems Server Credentials' authentication provider will be able to retrieve it after you restart VS Code.

If instead you press 'Enter' the password will be available only until you restart VS Code.

Either way, you are now signed in on the specified account.

Trusting Other Extensions

When another extension first asks to use an InterSystems Server Credentials account you must either allow this or deny it. For example, with a pre-release VSIX of the InterSystems ObjectScript extension that uses the new authentication provider you will get this after you click the edit pencil button alongside a namespace in the Server Manager tree:

Managing Signed In Accounts

You can use the menu of VS Code's Accounts icon in the activity bar to manage your signed in accounts:

The 'Manage Trusted Extensions' option lets you remove an extension from the list of those you previously granted access to this InterSystems Server Credentials account:

The 'Sign Out' option lets you sign out this account after confirmation:

When signing out an account for which you previously saved the password will get an option to delete the password, unless you have altered the `intersystemsServerManager.credentialsProvider.deletePasswordOnSignout` setting:

Feedback welcome

Please comment on this post. And if you like the new features please vote for Server Manager 3.0 in the contest. Voting closes at midnight EST on Sunday December 5th.