Saving sensitive data with PersistentStateComponent
I am writing a plugin which uses AWS Credentials data to get info from AWS. I let the users set up their ACCESS_KEY and SECRET_KEY in the Setings panel per project, and I store the values with a PersistentStateComponent. The approach has a security flaw, since storing data like this creates a file containing the sensitive information, and this might be a problem, if the users push these data to a public VCS repo (they forget to add the file containing the settings to a .ignore file).
Is there a dedicated way to store sensitive data in InteliiJ?
If not is there a way to make sure the settings file gets ignored (e.g. extending the .ignore plugin, so it gets added, but I really don't like this approach)?
Or what would be a correct approach for this problem?
请先登录再写评论。
https://plugins.jetbrains.com/docs/intellij/persisting-sensitive-data.html
Perhaps, store the data in the user's configuration directory, rather than in project settings? Their config directory is usually placed in a protected tree (unless the user specifically defeats that).
One thing that is very important to do here is to set roamingType = RoamingType.DISABLED in your State annotation. This will prevent this data being shared by the Settings Repository plugin. Without that, anyone using this on a team will have that data replicated to all their team members.
Apart from that, IntelliJ does contain a simple password manager. I've never used it, but the class seems to be com.intellij.ide.passwordSafe.PasswordSafe. There are usage examples in the Community source code.