From 174088653bade956f4b3a33b48a2c0154587b657 Mon Sep 17 00:00:00 2001
From: Olivier Bellone <ob@stripe.com>
Date: Wed, 9 Oct 2019 14:44:35 -0700
Subject: [PATCH] Fix config file permissions to not be world-readable (#226)

---
 pkg/config/config.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/config/config.go b/pkg/config/config.go
index 2726176cc..06ee890a8 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -76,6 +76,14 @@ func (c *Config) InitConfig() {
 		c.ProfilesFile = configFile
 		viper.SetConfigType("toml")
 		viper.SetConfigFile(configFile)
+		viper.SetConfigPermissions(os.FileMode(0600))
+
+		// Try to change permissions manually, because we used to create files
+		// with default permissions (0644)
+		err := os.Chmod(configFile, os.FileMode(0600))
+		if err != nil && !os.IsNotExist(err) {
+			log.Fatalf("%s", err)
+		}
 	}
 
 	// If a profiles file is found, read it in.