Block Extension Access to Sensitive Files in the Project #235526
Open
Description
related to #52116
Currently, VSCode extensions have access to all files within a project by default. This poses a potential security risk, as projects may include files containing sensitive information, such as .env files.
To enhance security, it would be valuable to allow developers to explicitly mark certain files or patterns as sensitive in .vscode/settings.json. Files marked as sensitive would remain invisible to all third-party code, including extensions.
Proposed Feature:
Introduce a files.sensitive setting in the workspace configuration to define sensitive files. Example:
```json
{
  "files.sensitive": {
    "**/.env": true
  }
}
```
This feature would:
- Ensure extensions cannot access or read marked files.
- Improve trust and security when using third-party extensions.
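
The following sketch is an added example, not part of the original issue and not VS Code code. It shows how a gate in front of the extension host could evaluate the proposed `files.sensitive` map against workspace-relative paths. `files.sensitive` exists only as this proposal; `globToRegExp`, `compileSensitive`, `isSensitive` and `visibleToExtensions` are hypothetical names, and the matcher is a simplified glob (`**`, `*`, `?`) rather than VS Code's own implementation.

```javascript
// Added illustration: "files.sensitive" is the setting proposed in this issue,
// not an existing VS Code setting. All function names here are hypothetical.

// Simplified glob -> RegExp (supports **, *, ?); not VS Code's glob code.
function globToRegExp(glob) {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === "*" && glob[i + 1] === "*") {
      // "**/" matches zero or more whole path segments; a trailing "**" matches anything.
      if (glob[i + 2] === "/") { re += "(?:[^/]+/)*"; i += 2; }
      else { re += ".*"; i += 1; }
    } else if (c === "*") {
      re += "[^/]*";            // any characters within one path segment
    } else if (c === "?") {
      re += "[^/]";             // exactly one character within a segment
    } else {
      re += c.replace(/[.+^${}()|[\]\\]/g, "\\$&"); // escape regex metacharacters
    }
  }
  return new RegExp("^" + re + "$");
}

// Only patterns mapped to true are active, as in files.exclude-style maps.
function compileSensitive(settings) {
  const map = settings["files.sensitive"] || {};
  return Object.keys(map).filter((p) => map[p] === true).map(globToRegExp);
}

// Normalise Windows separators and a leading "./" so they cannot bypass the match.
function isSensitive(matchers, relPath) {
  const p = relPath.replace(/\\/g, "/").replace(/^\.\//, "");
  return matchers.some((m) => m.test(p));
}

// Hypothetical gate: the subset of paths an extension would be allowed to see.
function visibleToExtensions(settings, paths) {
  const matchers = compileSensitive(settings);
  return paths.filter((p) => !isSensitive(matchers, p));
}

const settings = { "files.sensitive": { "**/.env": true } }; // pattern from the issue
// Constructed sample workspace listing.
const workspace = [".env", "api/.env", "api\\.env", "./.env", ".env.local", "src/app.ts"];
console.log(visibleToExtensions(settings, workspace)); // paths still visible
```

With the issue's example pattern, `.env.local` remains visible because `**/.env` matches only files named exactly `.env`; covering variants would need a broader pattern such as `**/.env*`.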