I've mentioned this several times on social media, but I'm aware that many people probably haven't read such updates. I think this is best handled as a discussion anyway.
What's changing
Due to Chrome's manifest v3 changes, Buttercup can no longer run a daemon process in the background. This process, up until now, was used to keep decrypted credentials in memory while vaults were unlocked. The daemon didn't sleep and its memory was only wiped when the browser closed or the extension updated. Manifest v3 drops support for background (daemon) processes and in doing so will prevent Buttercup from working in the same way.
After toying with running Buttercup
restfully in the new service worker model (it didn't work), I've decided to make some drastic changes to how the extension works: namely, that the browser extension will interface directly with the desktop application. All vaults, their statuses and their contents will be retrieved from the desktop application, running in the background, instead of from the extensions memory.
What does this mean?
- You will no longer have vaults stored in the browser extension
- The desktop application must be running to use the extension
- The browser extension's "vaults" will be the same as those connected to the desktop application
- To use a vault in the extension it must be unlocked in the desktop app
- Saved credentials from the browser will be saved via the desktop application
- The local vault connector support in the extension will be removed, as you can natively access file-based vaults in the new model
This is a huge change for the platform, and not one I've decided on without giving it a bit of thought. I definitely preferred having the vaults isolated within the extension, but their were some problems:
- Inefficient - obviously doing it this was wasteful CPU/memory wise as having them stored just once in the desktop application would be better
- More effort - soon you'll just connect a vault once and it'll be available in both places
- Unpolished - the extension has a few quirks, such as updates locking all vaults
I feel like this is
genuinely better for Buttercup going forward.