Conversation
mahesh-panchal left a comment
Thank you. There are some spelling mistakes and some things I think would be valuable to add.
| For Copilot (any other AI service) to be able to make suggestions for your code it has to look at what code you have so far. It could be when it suggest the next line of code you could write, or if it analyses your entire code base. The computations for making these suggestions are not done locally, so for it to be able to make a suggestion it has to send whatever code you have to the AI service's API where their GPU cluster will crunch the numbers and make a suggestion. This might be fine for your general code, but you don't want to to send things like API keys, login credentials, or other sensitive data you are not supposed to share with anyone. | ||
| This tutorial will show you steps you can take to protect sensitive date from being sent, and some of the pitfalls you might encounter. We will use VSCode and Copilot as our demo setup. It is inspired by the excellent blog post by *Miloslav Homer*, [Cautiously Configuring Copilot](https://code.kiwi.com/articles/cautiously-configuring-copilot/) |
| This tutorial will show you steps you can take to protect sensitive date from being sent, and some of the pitfalls you might encounter. We will use VSCode and Copilot as our demo setup. It is inspired by the excellent blog post by *Miloslav Homer*, [Cautiously Configuring Copilot](https://code.kiwi.com/articles/cautiously-configuring-copilot/) | |
| This tutorial will show you steps you can take to protect sensitive data from being sent, and some of the pitfalls you might encounter. We will use VSCode and Copilot as our demo setup. It is inspired by the excellent blog post by *Miloslav Homer*, [Cautiously Configuring Copilot](https://code.kiwi.com/articles/cautiously-configuring-copilot/) |
| A "problem" with this list is that it is used as a global setting and that it is persistent even if you restart VSCode. That sounds like, and most often are, good features but it can get you in trouble. |
| A "problem" with this list is that it is used as a global setting and that it is persistent even if you restart VSCode. That sounds like, and most often are, good features but it can get you in trouble. | |
| A limitation of this list is that it's a global, persistent setting that remains active across VSCode sessions. While this is normally convenient, it creates a security risk when working with sensitive data. |
Does this convey the sentiment better?
| So if you have the default case `*` set to `false`, and you open a shell script file and enable the code completion using the shortcut, it will set `*` to `true` since you have not specified shell scripts in the list. The next time you open a `dotenv` file it will be posted as soon as you type anything in the file, as the `dotenv` file is not specified in the list either. A more sane approach by VSCode would have been to automatically create a entry in the list for shell scripts and set that to `true`, leaving the default case value unchanged, or make the setting only for that file until you restart the editor. | ||
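Review bot: the paragraph describes the `*` default flipping but never shows the setting it is talking about, so a reader cannot check the behaviour on their own machine; name it and quote the map, e.g. `"github.copilot.enable": { "*": false, "python": true }` in settings.json, and say that the keys are VSCode language identifiers (`shellscript` for shell scripts, not `sh`), which is one reason the per-file-type entries are easy to get wrong. A before/after view of that map around one use of the toggle would make the `*` flip concrete and verifiable.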
| Apart from the risks of misconfiguring the file type permissions and accidentally posting your file, there is another way to mess up that is even . The list of file types and permissions only apply to the inline completion. The Copilot chat in the sidebar completely disregards this list and will happily post any and all files in your project folder. |
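Review bot: "will happily post any and all files" needs the mechanism spelled out so the reader knows which actions send what: the chat sends whatever is attached to the prompt or pulled in as workspace context (for example through `@workspace` or `#file` references), and the `github.copilot.enable` map has no say in that because it only governs inline completion. Stating this makes the contrast with the previous paragraph precise, and it is the point the later Summary bullet about keeping secrets out of the workspace rests on.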
| Apart from the risks of misconfiguring the file type permissions and accidentally posting your file, there is another way to mess up that is even . The list of file types and permissions only apply to the inline completion. The Copilot chat in the sidebar completely disregards this list and will happily post any and all files in your project folder. | |
| Apart from the risks of misconfiguring the file type permissions and accidentally posting your file, there is another way to mess up that is even more serious. The list of file types and permissions only apply to the inline completion. The Copilot chat in the sidebar completely disregards this list and will happily post any and all files in your project folder. |
| ## `.gitignore` exclusion | ||
| Another setting that you could enable is the `Explorer: Exclude Git Ignore` option. This will make VSCode's file browser hide any files you have in your `.gitignore` file. This will make it harder to accidentally open sensitive files in VSCode, and should keep the inline code completion from posting your sensitive data. The Copilot chat will still be able to read and post the files though, making the option less usefull from a security perspective. |
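Review bot: scope the "harder to accidentally open" claim: `Explorer: Exclude Git Ignore` (`explorer.excludeGitIgnore` in settings.json) only filters the Explorer tree, so a gitignored `.env` still opens through Quick Open, a `code .env` from the terminal or a go-to-definition jump, and once open it is subject to the completion rules exactly as before. It is also worth saying that the protection is only as good as the `.gitignore` itself: a secret that was never gitignored is not hidden at all, and the setting changes nothing for the chat path, as the last sentence already implies.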
| Another setting that you could enable is the `Explorer: Exclude Git Ignore` option. This will make VSCode's file browser hide any files you have in your `.gitignore` file. This will make it harder to accidentally open sensitive files in VSCode, and should keep the inline code completion from posting your sensitive data. The Copilot chat will still be able to read and post the files though, making the option less usefull from a security perspective. | |
| Another setting that you could enable is the `Explorer: Exclude Git Ignore` option. This will make VSCode's file browser hide any files you have in your `.gitignore` file. This will make it harder to accidentally open sensitive files in VSCode, and should keep the inline code completion from posting your sensitive data. The Copilot chat will still be able to read and post the files though, making the option less useful from a security perspective. |
| * There is as of now no reliable way to stop Copilot from posting sensitive files if you keep them in your workspace folder. Just keep the sensitive data somewhere else. | ||
| * The file type based settings are easy to misconfigure, and using the inline code completion toggle can have unintended consequeses. |
| * The file type based settings are easy to misconfigure, and using the inline code completion toggle can have unintended consequeses. | |
| * The file type based settings are easy to misconfigure, and using the inline code completion toggle can have unintended consequences. |
| ## Man-in-the-Middle Proxy | ||
| To be able to see what is actually being sent to Copilot we will use a [man-in-the-middle proxy](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) called [mitmproxy](https://hub.docker.com/r/mitmproxy/mitmproxy/). We will configure our Copilot plugin to send all requests through this proxy so that we can spy on what is being sent. We will also disable a security check (`NODE_TLS_REJECT_UNAUTHORIZED`) in VSCode to make this possible, as it will notice that the data is not being sent directly to the Copilot servers. |
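Review bot: the callout-warning proposed in this thread is the right addition; consider also giving the reader the safer way to do the same capture, which is to keep certificate validation on and trust only the proxy's CA: mitmproxy writes it to `~/.mitmproxy/mitmproxy-ca-cert.pem`, and starting VSCode with `NODE_EXTRA_CA_CERTS=$HOME/.mitmproxy/mitmproxy-ca-cert.pem` instead of `NODE_TLS_REJECT_UNAUTHORIZED=0` adds that one CA while every other TLS check stays in place. The section should also say that the captured flows carry the Copilot session's `Authorization` header together with the code, so the mitmproxy dump is itself sensitive and belongs in the cleanup list proposed later in this review.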
| To be able to see what is actually being sent to Copilot we will use a [man-in-the-middle proxy](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) called [mitmproxy](https://hub.docker.com/r/mitmproxy/mitmproxy/). We will configure our Copilot plugin to send all requests through this proxy so that we can spy on what is being sent. We will also disable a security check (`NODE_TLS_REJECT_UNAUTHORIZED`) in VSCode to make this possible, as it will notice that the data is not being sent directly to the Copilot servers. | |
| To be able to see what is actually being sent to Copilot we will use a [man-in-the-middle proxy](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) called [mitmproxy](https://hub.docker.com/r/mitmproxy/mitmproxy/). We will configure our Copilot plugin to send all requests through this proxy so that we can spy on what is being sent. We will also disable a security check (`NODE_TLS_REJECT_UNAUTHORIZED`) in VSCode to make this possible, as it will notice that the data is not being sent directly to the Copilot servers. | |
| ::: {.callout-warning} | |
| ## Security Warning | |
| The `NODE_TLS_REJECT_UNAUTHORIZED=0` setting disables SSL certificate validation and should **ONLY** be used for this testing exercise. Never use this in production environments or when handling real sensitive data. | |
| ::: |
| ## Secrets managers | ||
| If you are using Docker for deployment you can make use of [Docker Swarm Secrets](https://docs.docker.com/engine/swarm/secrets/), in which you can store your sensitive data (500kb max) in a database that docker manages, and the containers can access the secret as if it was a file inside the container. Various cloud providers have similar solutions, e.g. AWS Secrets Manager, Azure Key Vault, GCP Secrets Manager. |
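Review bot: tie this section back to the problem the tutorial sets up: a Swarm secret is mounted read-only inside the container at `/run/secrets/<name>` and never exists as a file in the workspace folder, which is exactly why neither inline completion nor chat can read it. Two details worth adding: the value is supplied from stdin or a file at `docker secret create` time, so that source file has to live outside the workspace and be removed afterwards, and the service still has to be told which secret to load (`--secret` on `docker service create` or a `secrets:` stanza in the compose file), which is the one place a secret's name, but never its value, appears in the repository.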
Mention also local secrets managers like macOS Keychain. If there's a library that helps access all these different methods of key supply, then mention that too.
Also say something about .env to use as a last resort and best practice.
| # Summary | ||
| * There is as of now no reliable way to stop Copilot from posting sensitive files if you keep them in your workspace folder. Just keep the sensitive data somewhere else. |
What about .copilotignore? OK. That doesn't work - https://docs.github.com/en/copilot/how-tos/configure-content-exclusion/exclude-content-from-copilot. Can we include a note on this so people don't try it.
VSCode also has a trust function that disables agents: https://code.visualstudio.com/docs/editing/workspaces/workspace-trust#_ai-agents
| ## Secrets managers | ||
| If you are using Docker for deployment you can make use of [Docker Swarm Secrets](https://docs.docker.com/engine/swarm/secrets/), in which you can store your sensitive data (500kb max) in a database that docker manages, and the containers can access the secret as if it was a file inside the container. Various cloud providers have similar solutions, e.g. AWS Secrets Manager, Azure Key Vault, GCP Secrets Manager. | ||
| # Cleaning Up After Testing | |
| After completing this tutorial, restore your secure configuration: | |
| 1. Remove the proxy settings from VSCode (Settings → search "proxy" → clear the Http: Proxy field) | |
| 2. Close VSCode and reopen it normally (without NODE_TLS_REJECT_UNAUTHORIZED=0) | |
| 3. Stop the mitmproxy container with Ctrl+C |
| Another setting that you could enable is the `Explorer: Exclude Git Ignore` option. This will make VSCode's file browser hide any files you have in your `.gitignore` file. This will make it harder to accidentally open sensitive files in VSCode, and should keep the inline code completion from posting your sensitive data. The Copilot chat will still be able to read and post the files though, making the option less usefull from a security perspective. | ||
| # Some solutions that does work |
| # Some solutions that does work | |
| # Some solutions that do work |
| # Introduction | ||
| For Copilot (any other AI service) to be able to make suggestions for your code it has to look at what code you have so far. It could be when it suggest the next line of code you could write, or if it analyses your entire code base. The computations for making these suggestions are not done locally, so for it to be able to make a suggestion it has to send whatever code you have to the AI service's API where their GPU cluster will crunch the numbers and make a suggestion. This might be fine for your general code, but you don't want to to send things like API keys, login credentials, or other sensitive data you are not supposed to share with anyone. |
| For Copilot (any other AI service) to be able to make suggestions for your code it has to look at what code you have so far. It could be when it suggest the next line of code you could write, or if it analyses your entire code base. The computations for making these suggestions are not done locally, so for it to be able to make a suggestion it has to send whatever code you have to the AI service's API where their GPU cluster will crunch the numbers and make a suggestion. This might be fine for your general code, but you don't want to to send things like API keys, login credentials, or other sensitive data you are not supposed to share with anyone. | |
| For Copilot (or any other AI service) to be able to make suggestions for your code it has to look at what code you have so far. It could be when it suggests the next line of code you could write, or if it analyses your entire code base. The computations for making these suggestions are not done locally, so for it to be able to make a suggestion it has to send whatever code you have to the AI service's API where their GPU cluster will crunch the numbers and make a suggestion. This might be fine for your general code, but you don't want it to send things like API keys, login credentials, or other sensitive data you are not supposed to share with anyone. |
Creating a PR to trigger the preview of the material.