Description
Hi team,
I'm experiencing an unexpected and potentially insecure behavior when using the Dev Containers: Attach to Running Kubernetes Container... feature in VS Code.
What I'm trying to do
I'm attaching to a running container on my AKS cluster using the Dev Containers extension in VS Code, with the command:
Dev Containers: Attach to Running Kubernetes Container...
This works well — VS Code opens, and I can interact with the container and access my data as expected.
The issue
However, I noticed that my local GitHub authentication tokens are being synced to the remote container, which is not desired. This poses a security risk, especially in a shared or production environment.
What I've tried
I attempted to disable settings sync in VS Code entirely.
I tried modifying the .devcontainer.json (or equivalent .devcontainer/ configuration) to prevent syncing credentials — but it seems these settings are not respected in this attach scenario.
I also verified my user settings and workspace settings to ensure token sync is disabled, but the issue persists.
Expected behavior
GitHub tokens and authentication credentials should not be transferred to the remote container unless explicitly configured to do so.
Environment
VS Code version: 1.100.2
Kubernetes: AKS
Platform: Ubuntu
Additional context
It seems that the .devcontainer.json or related settings are either ignored or not used in the context of attaching to an existing running container, which may be the root cause.
Please advise if this is a known issue or if there's a proper way to prevent token sync when using this feature.
Thanks in advance!