Dev Vault
Secure credential storage, right where you code.
A local-only password manager for Cursor and VS Code. Store development credentials securely on your machine and copy them into the IDE browser when you need to log in.
Note: VS Code/Cursor does not expose an API to autofill the built-in browser. DevVault copies credentials to the clipboard (with auto-clear) so you can paste them into login forms.
Features
- Local vault — no cloud sync; data never leaves your machine
- Master password — AES-256-GCM encryption via PBKDF2 key derivation
- OS SecretStorage — encrypted payload stored through VS Code’s secure storage
- Sidebar vault — browse, add, edit, and delete entries
- Quick fill — match credentials by URL/domain and copy username/password
- Password generator — cryptographically strong passwords
- Clipboard auto-clear — secrets are wiped after a configurable delay
- Idle lock — vault locks after inactivity
Install
- Open VSX (Cursor and other VS Code–compatible editors): search for DevVault Credential Manager, or install
AsyncOwl.devvault-cred-manager from open-vsx.org once published
- VS Code Marketplace: search for DevVault Credential Manager, or install from the Marketplace once published
Install from VSIX (local)
npm install
npm run package
npm run vsix
Install the generated devvault-cred-manager-0.1.0.vsix via Extensions → … → Install from VSIX…
Development
- Open this folder in Cursor/VS Code
- Run
npm install and npm run watch
- Press F5 to launch the Extension Development Host
Publishing
The same VSIX works for both registries. Publisher id: AsyncOwl.
VS Code Marketplace
- Create publisher AsyncOwl at marketplace.visualstudio.com/manage
- Create an Azure DevOps PAT with Marketplace → Manage (organization: All accessible organizations)
npx vsce login AsyncOwl
npm run publish:marketplace
Open VSX (required for Cursor’s extension marketplace)
- Create an Eclipse account with the same GitHub username you use on Open VSX
- Sign in at open-vsx.org with GitHub, link Eclipse, and sign the Publisher Agreement
- Create a token under Access Tokens
- Create the namespace once:
npx ovsx create-namespace AsyncOwl -p <token>
- Publish (token via
-p or OVSX_PAT):
export OVSX_PAT=<token>
npm run publish:openvsx
Or package first, then upload the same file to both places:
npm run vsix
npx vsce publish --packagePath ./devvault-cred-manager-0.1.0.vsix
npx ovsx publish ./devvault-cred-manager-0.1.0.vsix
Usage
- Open the DevVault icon in the activity bar
- Run DevVault: Unlock Vault (first run creates a master password)
- Click + to add an entry (name, URL, username, password, notes, tags)
- Click an entry to copy the password, or use the ⋮ menu on an entry for copy / open / edit / delete (right-click still works too)
- Paste into the Cursor/VS Code built-in browser login form
Login with the built-in browser
Cursor/VS Code does not allow extensions to type into the built-in browser. DevVault opens the page and copies credentials for paste:
- Unlock the vault and pick an entry (status bar or sidebar)
- Run DevVault: Open in Browser & Login (or choose it from an entry’s ⋮ menu)
- Paste the username in the browser (
Cmd/Ctrl+V), then choose Copy Password and paste that too
Status bar Username / Password also copy to the clipboard when you’re in the browser (they fill the editor only when a text file is focused).
Useful commands
| Command |
Description |
DevVault: Unlock Vault |
Unlock or create the vault |
DevVault: Lock Vault |
Lock and clear secrets from memory |
DevVault: Add Entry |
Create a credential |
DevVault: Edit Entry |
Edit a credential (sidebar icon or Command Palette) |
DevVault: Delete Entry |
Delete a credential (trash icon, right-click, or Command Palette) |
DevVault: Fill for URL… |
Find entries by domain and copy |
DevVault: Generate Password |
Generate and copy a strong password |
DevVault: Change Master Password |
Re-encrypt the vault |
Keyboard shortcuts
- Fill for URL:
Ctrl+Shift+Alt+F / Cmd+Shift+Alt+F
- Lock vault:
Ctrl+Shift+Alt+L / Cmd+Shift+Alt+L
Settings
| Setting |
Default |
Description |
devvault.clipboardClearSeconds |
30 |
Clear clipboard after N seconds |
devvault.idleLockMinutes |
15 |
Auto-lock after idle (0 = disabled) |
devvault.rememberUnlockHours |
24 |
Remember master password across restarts for N hours (0 = always prompt). Manual Lock clears it. |
devvault.passwordLength |
20 |
Generated password length |
devvault.passwordIncludeSymbols |
true |
Include symbols in generated passwords |
Security model
- Metadata (name, URL, username, tags) is stored in VS Code
globalState (not secret, but not passwords).
- Passwords and notes are encrypted with AES-256-GCM and stored via
SecretStorage (backed by the OS keychain / Electron safeStorage).
- The master password is held in memory while the vault is unlocked. When
devvault.rememberUnlockHours is greater than 0, it is also stored in SecretStorage until that window expires or you use Lock.
- Locking or deactivating the extension clears in-memory secrets. Deactivate/restart can restore unlock from the remembered session if it has not expired.
- There are no network calls related to the vault.
Keep a strong master password. Losing it means you cannot decrypt the vault.
License
MIT