Saving sensitive data with PersistentStateComponent

I am writing a plugin which uses AWS Credentials data to get info from AWS. I let the users set up their ACCESS_KEY and SECRET_KEY in the Setings panel per project, and I store the values with a PersistentStateComponent. The approach has a security flaw, since storing data like this creates a file containing the sensitive information, and this might be a problem, if the users push these data to a public VCS repo (they forget to add the file containing the settings to a .ignore file).

Is there a dedicated way to store sensitive data in InteliiJ?
If not is there a way to make sure the settings file gets ignored (e.g. extending the .ignore plugin, so it gets added, but I really don't like this approach)?
Or what would be a correct approach for this problem?

3 comments
Comment actions Permalink

Perhaps, store the data in the user's configuration directory, rather than in project settings?  Their config directory is usually placed in a protected tree (unless the user specifically defeats that).

0
Comment actions Permalink

One thing that is very important to do here is to set roamingType = RoamingType.DISABLED in your State annotation. This will prevent this data being shared by the Settings Repository plugin. Without that, anyone using this on a team will have that data replicated to all their team members.

Apart from that, IntelliJ does contain a simple password manager. I've never used it, but the class seems to be com.intellij.ide.passwordSafe.PasswordSafe. There are usage examples in the Community source code.

0

Please sign in to leave a comment.