Description
Recently the coder CLI added session token storage in the operating system keychain for macOS and Windows. We attempted to make the CLI use the operating system keychain by default, but found that the VS Code plugin writes the session token to a directory on the user's machine and invokes the coder CLI with the --global-config flag pointing to said directory. This means that coder is unable to use the operating system keyring by default without breaking the plugin's expectations. As a result, we had to special-case the --global-config flag in coder to not use the keyring. The desire is to have the coder CLI use the keyring by default, unless --use-keyring=false is specified explicitly.
Possible options:
- Plugin specifies the session token stored on disk to CLI via CODER_SESSION_TOKEN or --token (env var preferred)
- Plugin reads/writes the session token from the operating system keyring.
- Plugin specifies --use-keyring=false when invoking coder CLI.
All of the above options have backwards compatibility concerns. Ideally we also remove the --global-config special case from the coder CLI.
I would personally be in favor of option 2) to more closely align with what Coder Desktop does. This would be a user experience improvement (e.g. only need to copy-paste the session token in one application), along with a security improvement (token no longer stored in plain text).
Relates to coder/coder#19403