ID:	7415	Fixed in:
Issue Date:	2020-03-26 13:16 AEST	Owner:	CVS Support
Last Modified:	2022-07-23 14:12 AEST	Reporter:	Arthur Barrett
Current Est.	0.0 hours	% Complete:	0.0
Status:	NEW /	Severity:	normal

Affected:	2.8.01
Description:	win: client: store .cvspass in Windows Credential Store

Actions:

2020-03-26 13:16 AEST by Arthur Barrett - Git users may be familiar with using "Git Credential Manager for Windows" or the older " Windows Credential 
Store for Git (git-credential-winstore)" which provides "Secure password storage in the Windows Credential 
Store" rather than what CVSNT does which is store it in the registry, or use cvsagent to store it temporarily in 
memory.

Very helpfully the source code for it is on github:
https://github.com/microsoft/Git-Credential-Manager-for-Windows

Example of using the CredStore() API from Win32 here:
https://stackoverflow.com/questions/9221245/how-do-i-store-and-retrieve-credentials-from-the-windows-
vault-credential-manage

And the API is in MSDN here - available from Windows XP onwards, so no reason why we can't use this in CVS 
Suite 2009R2:
https://docs.microsoft.com/en-gb/windows/win32/api/wincred/nf-wincred-credwritea?redirectedfrom=MSDN

2022-07-21 19:34 AEST by Arthur Barrett - I'm thinking that this should be able to be controlled as a 'default' somehow - either the server insists that 
credential management is being used on the client, or a group policy setting is used, or even a 'computer' 
level registry setting.



Here is the latest link to the API:

https://docs.microsoft.com/en-us/windows/win32/secauthn/authentication-functions#credentials-
management-functions

2022-07-23 14:12 AEST by Arthur Barrett - Note: MS now recommend against using SecureString in .NET (pfft!) as explained here:

https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md

Query page