How are credentials/API keys stored? How can we sync Roo settings (including secrets) across computers?

[ErcinDedeoglu]

Hi!

I’m using the Roo extension in VS Code across multiple computers/workspaces (including WSL). To avoid re-entering my API key every time, I’d like to set up automated sync/backup for Roo’s settings and credentials.

Where does Roo store its API key or other sensitive data? Is it in VS Code’s secret storage, a config file, or elsewhere?

Does Roo offer built-in support for syncing these secrets securely between machines? If not, are there recommended practices for transferring them? What best practice can I follow to make it fully automated?

Thanks!

[dosubot[bot]]

Hello @ErcinDedeoglu! I'm Dosu, here to help you with bugs, questions, and contributions while you wait for a human maintainer. Let’s tackle your issue together!

Roo Code stores API keys and other sensitive data in VS Code's Secret Storage, ensuring they are not exposed in plain text ^[1][2]. However, Roo Code does not have built-in functionality for syncing these secrets across different machines ^[1].

For transferring settings and credentials, the documentation advises that when exporting settings, the JSON file includes API keys in plaintext and should be treated as highly sensitive. It is recommended not to share this file publicly or with untrusted individuals ^[1].

To automate syncing, you might consider using a secure file transfer method or a version control system with encrypted storage to manage the exported settings file. Always ensure that any method you use maintains the confidentiality of your sensitive data.

To continue talking to Dosu, mention @dosu.

---

^{Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other}

[ErcinDedeoglu]

Nice answer for a fine-tuned model (or a RAG?)! But, for all audiences, how can it be automated? I mean, I can symlink a folder or file if it is in a specific location so that it can be synced by Google Drive or a similar service. But I want zero interaction with my environment, I mean zero setup each time. Because each time I need to put in effort to warm up by fixing API keys, etc.

[dosubot[bot]]

To achieve zero interaction for syncing Roo Code settings, including API keys, you can automate the process using a combination of secure storage and synchronization tools. Here’s a potential approach:

1. Environment Variables: Store your API keys and other sensitive data in environment variables. This way, you can manage them outside of the Roo Code configuration files, reducing the need to sync sensitive data directly ^[1].

2. Automated Script: Create a script that:

   • Exports your current settings to a JSON file.
   • Encrypts the JSON file using a tool like GPG or OpenSSL.
   • Uploads the encrypted file to a cloud storage service like Google Drive or Dropbox.

3. Sync and Decrypt: On each machine:

   • Use a startup script to download the encrypted settings file.
   • Decrypt the file and import the settings into Roo Code.
   • Set up a cron job or task scheduler to run this script at regular intervals or on startup.

4. Version Control with Encryption: Use a version control system like Git with encrypted storage (e.g., git-crypt) to manage your settings file. This allows you to push and pull changes securely across different machines.

By automating these steps, you can minimize manual intervention and ensure your settings are consistently synchronized across all your environments.

To continue talking to Dosu, mention @dosu.

---

^{Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other}