How to use VS Code workspace trust feature?

VS Code workspace trust feature allows users to control execution permissions of code and extensions in the workspace, improving the security of the development environment.

Workspace Trust Concepts

Trust Levels

• Trusted Workspace: Allows all features, including automatic task execution, extension activation, etc.
• Untrusted Workspace: Limits certain features to prevent potential security risks

Security Risks

• Malicious code execution
• Automatic task execution
• Extension activation
• Workspace settings modification

Workspace Trust Configuration

Global Trust Settings

json
{
  "security.workspace.trust.enabled": true,
  "security.workspace.trust.banner": "always",
  "security.workspace.trust.startupPrompt": "always",
  "security.workspace.trust.untrustedFiles": "open"
}

Workspace Trust Status

• Trusted: Shows green shield icon
• Untrusted: Shows red shield icon
• Unknown: Shows gray shield icon

Trusting Workspace

Manually Setting Trust

1. Click shield icon in status bar
2. Select "Trust workspace"
3. Confirm trust settings

Trust Options

• Trust the authors of all files in the parent folder: Trust all files in parent folder
• Trust the authors of the files in the current workspace: Only trust current workspace

Untrusted Workspace Limitations

Feature Limitations

• Disable automatic task execution
• Disable activation of certain extensions
• Limit application of workspace settings
• Disable debugger startup

Restricted Features List

• Automatic task execution
• Automatic extension activation
• Workspace settings
• Debug configuration
• Preview features

File Trust Settings

File Trust Levels

json
{
  "security.workspace.trust.untrustedFiles": "open"
}

Option Descriptions

• open: Allow opening untrusted files
• newWindow: Open untrusted files in new window
• prompt: Prompt every time

Extension Trust

Extension Trust Policy

json
{
  "extensions.autoUpdate": false,
  "extensions.autoCheckUpdates": false
}

Extension Security Check

• Check extension source
• Verify extension signature
• Review extension permissions
• Assess extension risk

Workspace Settings Security

Trusted Workspace Settings

json
{
  "terminal.integrated.cwd": "${workspaceFolder}",
  "terminal.integrated.env.windows": {
    "PATH": "${env:PATH};C:\\custom\\path"
  }
}

Untrusted Workspace Limitations

• Ignore certain configurations in workspace settings
• Limit terminal environment variables
• Disable automatic task execution

Security Best Practices

Trust Policy

1. Only trust trusted workspaces
2. Regularly review list of trusted workspaces
3. Be cautious with projects from unknown sources
4. Use version control to verify code source

Extension Security

1. Only install extensions from official marketplace
2. Check extension reviews and download counts
3. Review extension permission requests
4. Regularly update extensions

Code Security

1. Use .gitignore to exclude sensitive files
2. Don't commit configuration files containing keys
3. Use environment variables to store sensitive information
4. Regularly review dependencies

Workspace Trust API

Checking Trust Status in Extensions

typescript
const isTrusted = vscode.workspace.isTrusted;

if (isTrusted) {
  // Execute operations requiring trust
  vscode.tasks.executeTask(task);
} else {
  vscode.window.showWarningMessage('Workspace is not trusted');
}

Listening to Trust Status Changes

typescript
vscode.workspace.onDidChangeTrust(isTrusted => {
  if (isTrusted) {
    console.log('Workspace is now trusted');
  } else {
    console.log('Workspace is no longer trusted');
  }
});

Important Notes

• Workspace trust does not affect user settings
• Trust settings are persistent
• Team collaboration should unify trust policy
• Regularly review trusted workspaces
• Pay attention to feature limitations in untrusted workspaces