Skip to content

Replace Devlooped.CredentialManager with Microsoft.AspNetCore.DataProtection.Extensions#20

Open
yungcomputerchair wants to merge 2 commits into
Open-Source-Free-Realms:mainfrom
yungcomputerchair:security
Open

Replace Devlooped.CredentialManager with Microsoft.AspNetCore.DataProtection.Extensions#20
yungcomputerchair wants to merge 2 commits into
Open-Source-Free-Realms:mainfrom
yungcomputerchair:security

Conversation

@yungcomputerchair

@yungcomputerchair yungcomputerchair commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Devlooped.CredentialManager misled me: it has a hard dependency on Git, so it doesn't work for end-users.
This PR switches to the cross-platform Microsoft.AspNetCore.DataProtection.Extensions package and encrypts a JSON password store at rest in the user's app data folder.
Same CredentialHelper interface, so no other code changes needed; migration from pre-v1.1.1 will still work

@yungcomputerchair

Copy link
Copy Markdown
Contributor Author

@StimpyDev can you test on Windows without Git please :)

}
}

private static Dictionary<string, string> Load()

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider wrapping Load() in try/catch if passwords.dat is corrupt, log a warning and return an empty dictionary so the launcher keeps working.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants