Support for `gitlab-token` in VS Code Plugin for Secure Token Management

[Anselmoo]

Summary

Add support for .pypirc files in the 1Password VS Code plugin to securely manage tokens and prevent accidental public uploads.

Use cases

The feature would help users securely store and manage their tokens in .pypirc files, reducing the risk of uploading sensitive information to public repositories. It would be particularly useful for developers who frequently publish packages to platforms such as GitLab package registry, PyPI, and GitHub environment.

Proposed solution

Implement support for .pypirc files in the 1Password VS Code plugin. This would involve recognizing and properly handling .pypirc files, allowing users to easily set up and manage their tokens for various platforms.

Is there a workaround to accomplish this today?

Currently, there is no straightforward workaround. Users must manually manage their tokens, which increases the risk of accidental public uploads.

References & Prior Work

• Python Packaging User Guide: .pypirc Specification
• GitLab Package Registry: pypi repository

[Anselmoo]

[distutils]
index-servers =
    first-repository
    second-repository

[first-repository]
repository = "<first-repository URL>"
username = "<first-repository username>"
password = "<first-repository password>"

[second-repository]
repository = "<second-repository URL>"
username = "<second-repository username>"
password = "<second-repository password>"

Source: https://packaging.python.org/en/latest/specifications/pypirc/

[Anselmoo]

Actually, it appears that GitLab tokens are not yet included. GitHub tokens will be recognized in .pypirc.

https://github.com/1Password/op-vscode/blob/54ce1a7a09efbe64faf7dd63f29522f4f9bb1a0b/src/secret-detection/patterns.ts#L163C2-L169C4