From c99034909d4e422286965f307e667d52e65e30f2 Mon Sep 17 00:00:00 2001
From: Peter Sanchez <peter@netlandish.com>
Date: Thu, 31 Jul 2025 15:04:09 -0600
Subject: [PATCH] Use default permissions of 0600 for crush.json to help
 protect sensitive data that is stored in plain text (api keys, etc.)

Fixes #411
---
 internal/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/config/config.go b/internal/config/config.go
index 44573a710163f2ba5c8912c23af7024f28bcaa51..b4682ce876bb4980bbe119c187538bf467d2f514 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -371,7 +371,7 @@ func (c *Config) SetConfigField(key string, value any) error {
 	if err != nil {
 		return fmt.Errorf("failed to set config field %s: %w", key, err)
 	}
-	if err := os.WriteFile(c.dataConfigDir, []byte(newValue), 0o644); err != nil {
+	if err := os.WriteFile(c.dataConfigDir, []byte(newValue), 0o600); err != nil {
 		return fmt.Errorf("failed to write config file: %w", err)
 	}
 	return nil