From 4eb2c762ae9aa49093b89e420869ab279f084ee0 Mon Sep 17 00:00:00 2001
From: giwaov <giwavictor9@gmail.com>
Date: Wed, 8 Apr 2026 10:50:15 +0100
Subject: [PATCH] fix: restrict config file permissions to owner-only (0o600)

After writing ~/.opengradient_config.json, set file permissions to
600 (owner read/write only) to prevent other users on the system
from reading the private key stored in the config.

Closes #257
---
 src/opengradient/cli.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/opengradient/cli.py b/src/opengradient/cli.py
index 06ba62e9..b7d7e99c 100644
--- a/src/opengradient/cli.py
+++ b/src/opengradient/cli.py
@@ -34,6 +34,7 @@ def load_og_config():
 def save_og_config(ctx):
     with OG_CONFIG_FILE.open("w") as f:
         json.dump(ctx.obj, f)
+    OG_CONFIG_FILE.chmod(0o600)
 
 
 # Convert string to dictionary click parameter typing