🔐 DevOps Hub - Credential Vault

A dead-simple VS Code extension that stores your deployment credentials securely and makes them available to GitHub Copilot.

🎯 The Concept

This extension does ONE THING and does it perfectly:

Store your credentials securely, so GitHub Copilot can do EVERYTHING ELSE.

No complex UI. No error handling. No fancy commands.
Just a secure vault that GitHub Copilot can read from to handle all your DevOps tasks.

🚀 How It Works

Step 1: Install & Open

1. Press F5 to run the extension (Extension Development Host)
2. Click the DevOps Hub icon in the Activity Bar (left sidebar)
3. The credential vault opens

Step 2A: Connect Services (EASIEST! 🎉)

NEW: One-Click OAuth Connection!

Instead of manually copying tokens, just click:

• 🔗 "Connect to Netlify" (Command Palette)
• Browser opens → Login → Authorize → Done!

See OAUTH_SETUP.md for setup (5 minutes, FREE!)

Step 2B: Or Paste Keys Manually

If you prefer manual entry (or for services without OAuth yet):

Supabase (5 keys):

• Project URL: https://xxxxx.supabase.co
• Anon Key
• Service Role Key
• Database Password
• Access Token

Stripe (1 key minimum):

• Secret Key: sk_test_... or sk_live_...
• Webhook Secret: whsec_... (optional - auto-fetched if missing!)

Netlify (OAuth OR manual):

• Option A: Use "Connect to Netlify" command (recommended!)
• Option B: Manually paste Auth Token: nfp_...
• Site ID (optional - auto-created on first deploy!)

🤖 Smart Automation: If you don't provide the Stripe Webhook Secret or Netlify Site ID, Copilot will automatically fetch/create them on first use! See SMART_AUTOMATION.md for details.

Step 3: Save

Click "💾 Save All Keys"

Step 4: Let Copilot Do Everything

That's it! Now just ask GitHub Copilot:

@workspace Run my Supabase migrations
@workspace Deploy to Netlify
@workspace Sync Stripe products
@workspace Create a Supabase Edge Function

How does Copilot know about your credentials?

When you save credentials, the extension writes them to:

• ✅ VS Code Secret Storage (encrypted)
• ✅ ~/.devops-hub-mcp/credentials.json (owner-only permissions)

GitHub Copilot can read the JSON file and use your credentials! See CREDENTIALS_INFO.md for details.

GitHub Copilot will:

• ✅ Read credentials from the vault
• ✅ Handle all error cases
• ✅ Run API calls
• ✅ Execute deployments
• ✅ Manage migrations
• ✅ Fix any issues automatically
• ✅ Auto-fetch missing credentials (Stripe webhook secret, Netlify site ID)

✨ Smart Automation Features

This isn't just a password manager—it's an intelligent deployment assistant!

🔐 Auto-Fetch Stripe Webhook Secret

Don't have your Stripe webhook secret? No problem!

• You enter: Stripe Secret Key
• Copilot automatically: Fetches/creates webhook endpoint and saves the secret
• You never have to visit the Stripe Dashboard

🌐 Auto-Create Netlify Site ID

First time deploying? No manual setup needed!

• You enter: Netlify Auth Token
• Copilot automatically: Creates the site and saves the Site ID
• Every future deploy updates that same site

Result: Paste 7 keys instead of 9. The extension handles the rest! 🎉

See SMART_AUTOMATION.md for technical details.

💡 Why This Approach?

❌ The Old Way (Bolt.new style):

• Build complex UI for every operation
• Handle every possible error case
• Create commands for migrations, deployments, etc.
• Maintain API integration code
• Update when APIs change

✅ The New Way (Credential Vault + Copilot):

• Store credentials once
• Let Copilot handle everything
• No UI complexity
• No error handling needed
• Copilot adapts to API changes automatically

🔒 Security

All credentials are stored using VS Code's Secret Storage API:

• ✅ Encrypted at rest
• ✅ OS-level security (Windows Credential Manager, macOS Keychain, Linux Secret Service)
• ✅ Never stored in plain text
• ✅ Never in settings.json or workspace files
• ✅ Only accessible by this extension and Copilot

📋 Commands

🎓 How to Get Your Keys

Supabase Keys

1. Go to https://app.supabase.com
2. Open your project
3. Settings → API:
   • Project URL
   • anon/public key
   • service_role key
4. Settings → Database:
   • Database password
5. Account → Access Tokens:
   • Generate new token

Stripe Keys

1. Go to https://dashboard.stripe.com
2. Developers → API Keys:
   • Secret key (test or live)
3. Developers → Webhooks:
   • Click webhook → Reveal signing secret

Netlify Keys

1. Go to https://app.netlify.com
2. User settings → Applications → Personal access tokens:
   • Generate new token
3. Site settings → Site details (optional):
   • Site ID

🤖 Example: Let Copilot Deploy

Once your keys are saved, just chat with Copilot:

Deploy to Netlify:

@workspace Build and deploy my site to Netlify

Copilot will:

1. Read Netlify auth token from vault
2. Run npm run build
3. Zip the dist folder
4. Upload to Netlify API
5. Show deployment URL

Run Supabase Migrations:

@workspace Run all pending Supabase migrations

Copilot will:

1. Read Supabase credentials from vault
2. Scan supabase/migrations/*.sql
3. Connect to database
4. Execute migrations in order
5. Report results

Sync Stripe Products:

@workspace Fetch all Stripe products and save to my database

Copilot will:

1. Read Stripe secret key from vault
2. Call Stripe API to list products
3. Call Stripe API to list prices
4. Save to your database
5. Confirm completion

🛠️ For Developers

Project Structure

src/
├── extension.ts               # Simple activation & commands
├── services/
│   └── credentialsManager.ts  # Secret Storage wrapper
└── views/
    └── credentialsView.ts     # Webview form

Accessing Credentials in Code

import { getCredentials } from './extension';

// Get all credentials
const creds = await getCredentials();

// Use them
const { supabase, stripe, netlify } = creds;

📦 What's NOT Included

This extension intentionally does NOT include:

• ❌ Migration runners
• ❌ Deployment logic
• ❌ API wrappers
• ❌ Error handling UI
• ❌ Status indicators
• ❌ Command implementations

Why? Because GitHub Copilot does all of that better than any UI we could build.

🎯 The Philosophy

"Don't build what GitHub Copilot can do better."

This extension is a secure .env file that Copilot can read.
That's it. That's all it needs to be.

Everything else - deployments, migrations, API calls, error handling - is handled by GitHub Copilot, which is:

• ✅ Smarter than any hardcoded logic
• ✅ More adaptable to API changes
• ✅ Better at error handling
• ✅ Always up-to-date with best practices

🚀 Get Started

1. Press F5
2. Click the DevOps Hub icon
3. Paste your 9 keys
4. Save
5. Ask Copilot to deploy 🎉

That's the whole workflow!

📝 License

MIT

Made for developers who trust GitHub Copilot to handle the complexity. 🤖✨