I made some pretty good progress on setting up my development environment using VSCode devcontainers. It‘s a bit slow at first because you have to download the image from the container registry. It quite straight forward for a typical setup. However I have quite a lot of code in private repositories, and of course once it‘s all running inside a container, the running code no longer has access to my ssh keys on the host OS. And that‘s where things get quite confusing.
Some people are saying to use ssh agent forwarding, which I don‘t think sounds very secure. Others are saying to use a fine grained Github access token, which sounds alright security-wise because you can create a token that only has read access, and if anything weird happens in the container, because say a vibe coding tool gets hacked, then it can only read the code. But I go through and set it up and I think I have it configured correctly, and it‘s still throwing up a popup asking me to login when I npm install. I‘ve been at it the whole day, tried a million and one different ways, and I still can‘t get it working.
It‘s looking like I‘m going to have to abandon my plans to use dev containers because it‘s just to complicated to configure securely. It‘s definitely better than last time I tried containers, but the devil is always in the details. Unless I can get it to work with private repos, it‘s not worth it. It would be awesome if all my code was open source and public, but I am still very far away from that point. I might try again tomorrow. #