Problem
Connection profiles in the PostgreSQL extension are stored in VS Code's global secret storage and user settings — neither of which is committed to source control. In a team environment, every developer must manually re-enter connection details (host, port, database, username) for shared databases (dev/staging). There is no way to ship a pre-populated, non-secret connection profile as part of a repository.
Use Case
A team wants to commit a .vscode/settings.json that pre-declares non-secret connection attributes:
{
"pgsql.connections": [
{
"name": "Dev DB (shared)",
"host": "dev-db.internal.example.com",
"port": 5432,
"database": "myapp_dev",
"user": "devuser",
"passwordSource": "prompt" // or "pgpass" | "secretStorage"
}
]
}
When a developer clones the repo and opens it, the connection appears pre-populated in the sidebar — they only need to supply the password.
Why This Is Safe
Passwords are never committed (the passwordSource field controls where the credential comes from). Only non-secret metadata (host, port, db name, user) is in the settings file. This mirrors how SQL Server extension (mssql) handles workspace-level connection profiles.
Proposed Change
- Add
pgsql.connections as a workspace-scope configuration key (array of connection descriptors, no password field).
- On activation, merge connections from workspace settings into the connections tree (alongside secret-storage ones), displaying a source badge ("workspace" vs "personal").
- Connecting a workspace connection that has no password triggers the normal password prompt and optionally stores it in secret storage for the session.
Environment
- VS Code: 1.89+, team sharing
.vscode/settings.json via git
- Extension: ms-ossdata.vscode-pgsql latest
Problem
Connection profiles in the PostgreSQL extension are stored in VS Code's global secret storage and user settings — neither of which is committed to source control. In a team environment, every developer must manually re-enter connection details (host, port, database, username) for shared databases (dev/staging). There is no way to ship a pre-populated, non-secret connection profile as part of a repository.
Use Case
A team wants to commit a
.vscode/settings.jsonthat pre-declares non-secret connection attributes:{ "pgsql.connections": [ { "name": "Dev DB (shared)", "host": "dev-db.internal.example.com", "port": 5432, "database": "myapp_dev", "user": "devuser", "passwordSource": "prompt" // or "pgpass" | "secretStorage" } ] }When a developer clones the repo and opens it, the connection appears pre-populated in the sidebar — they only need to supply the password.
Why This Is Safe
Passwords are never committed (the
passwordSourcefield controls where the credential comes from). Only non-secret metadata (host, port, db name, user) is in the settings file. This mirrors how SQL Server extension (mssql) handles workspace-level connection profiles.Proposed Change
pgsql.connectionsas a workspace-scope configuration key (array of connection descriptors, no password field).Environment
.vscode/settings.jsonvia git