Server Manager 3 Preview

A preview of version 3 of the InterSystems Server Manager extension for Visual Studio Code which improves the security of stored passwords by integrating with VS Code's Authentication Provider API. This significant new release took part in the November 2021 InterSystems Security Contest.

2021-12-02: This is currently a pre-release extension.

Read this article about how to use VS Code's new pre-release mechanism.

Thanks to George James Software for backing this development effort.

The Authentication Provider

Since version 2, Server Manager has enabled you to store connection passwords in the native keystore of your workstation's operating system. This was a more secure alternative to you putting them as plaintext in your JSON files. However, the getServerSpec function in Server Manager 2's API allowed any installed extension to obtain these stored passwords without requiring your permission.

VS Code's Authentication Provider API, introduced in version 1.54 (February 2021) is now (version 1.63) mature enough for us to use.

Server Manager 3 does the following:

1. Implements an authentication provider called 'intersystems-server-credentials'.
2. Uses this authentication provider when accessing servers from its own Server Tree.
3. No longer returns passwords to callers of getServerSpec.

Items #2 and #3 have implications regarding backward compatibility. An interim legacy mode is available to help with the transition.

Signing In

The first time you expand a server in the tree VS Code displays a modal dialog asking for your permission:

If you allow this and your server definition in intersystems.servers does not specify a username the next step is:

If you proceed, or if this step was skipped because your server definition includes a username, the next step is:

If you click the 'key' button after typing your password it will be saved securely in your workstation keychain, from where the 'InterSystems Server Credentials' authentication provider will be able to retrieve it after you restart VS Code.

If instead you press 'Enter' the password will be available only until you restart VS Code.

Either way, you are now signed in on the specified account.

Trusting Other Extensions

When another extension first asks to use an InterSystems Server Credentials account you must either allow this or deny it. For example, with a pre-release VSIX of the InterSystems ObjectScript extension that uses the new authentication provider you will get this after you click the edit pencil button alongside a namespace in the Server Manager tree:

Managing Signed In Accounts

You can use the menu of VS Code's Accounts icon in the activity bar to manage your signed in accounts:

The 'Manage Trusted Extensions' option lets you remove an extension from the list of those you previously granted access to this InterSystems Server Credentials account:

The 'Sign Out' option lets you sign out this account after confirmation:

When signing out an account for which you previously saved the password will get an option to delete the password, unless you have altered the intersystemsServerManager.credentialsProvider.deletePasswordOnSignout setting:

Legacy Mode

Server Manager 3 makes changes which may degrade the user experience relative to version 2. To revert, make this user-level setting:

"intersystemsServerManager.authentication.provider": "none"

Please only use this as a short term measure until extensions that use the Server Manager getServerSpec API get updated to use the 'intersystems-server-credentials' authentication provider. The setting may be removed in a future release.