Merge PR #529: fix: restrict .env file permissions to owner-only

Authored by Himess. Adds 0600 chmod on ~/.hermes/.env after writing API keys,
matching the existing pattern in auth.py for auth.json.
teknium1
2026-03-09 23:10:59 -07:00


@@ -14,8 +14,9 @@ This module provides:
import os import os
import platform import platform
import sys import stat
import subprocess import subprocess
import sys
from pathlib import Path from pathlib import Path
from typing import Dict, Any, Optional, List, Tuple from typing import Dict, Any, Optional, List, Tuple
@@ -869,6 +870,13 @@ def save_env_value(key: str, value: str):
with open(env_path, 'w', **write_kw) as f: with open(env_path, 'w', **write_kw) as f:
f.writelines(lines) f.writelines(lines)
# Restrict .env permissions to owner-only (contains API keys)
if not _IS_WINDOWS:
try:
os.chmod(env_path, stat.S_IRUSR | stat.S_IWUSR)
except OSError:
pass
def get_env_value(key: str) -> Optional[str]: def get_env_value(key: str) -> Optional[str]:
"""Get a value from ~/.hermes/.env or environment.""" """Get a value from ~/.hermes/.env or environment."""
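Review bot: The chmod in save_env_value runs only after `open(env_path, 'w', **write_kw)` and `f.writelines(lines)` have finished, so a newly created .env holds the API keys under umask-default permissions for a short window before it is tightened. Setting the mode on the open descriptor before writing closes that window: `os.fchmod(f.fileno(), stat.S_IRUSR | stat.S_IWUSR)` placed ahead of `f.writelines(lines)`, under the same `if not _IS_WINDOWS:` guard. The `except OSError: pass` also hides a failed chmod, which leaves the keys readable by other local users with no signal; logging a warning there would make the failure visible. The start of save_env_value is outside the hunk, so whether env_path is created earlier with tighter permissions cannot be confirmed from here.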