From 078cb1db6ecb28b3c747dae961e122f307404d18 Mon Sep 17 00:00:00 2001 From: zgjimhaziri Date: Fri, 7 Nov 2025 16:39:45 +0100 Subject: [PATCH] TA-4529: Add plaintext token storing warning --- DOCUMENTATION.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index c5b306da..2c2b4ae3 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -130,6 +130,28 @@ generate an Application key in the `Team Settings` section of your Celonis accou under `Applications`. After creating an Application, you can assign it different permissions based on how much power you want to give to the key owner. +#### Security Considerations + +| ⚠️ **IMPORTANT SECURITY WARNING** | +|-----------------------------------| +| Profile credentials (API tokens, OAuth client secrets, and access tokens) are **stored in plaintext** on your local filesystem. **No encryption is applied** to these credentials. | + +**Storage Location:** +- **Linux/macOS: + - ** `~/.celonis-content-cli-profiles` + - ** `~/.celonis-content-cli-git-profiles` +- **Windows: + - ** `%USERPROFILE%\.celonis-content-cli-profiles` + - ** `%USERPROFILE%\.celonis-content-cli-git-profiles` + +**Protection Mechanisms:** +The security of your credentials relies **entirely on native operating system filesystem permissions**. The CLI does not provide additional encryption. + +Ensure that: +- Your user account and filesystem are properly secured +- File permissions restrict access to your user account only +- You use appropriate security measures on shared or multi-user systems + #### When to create profiles So let's say you have a Studio package in [https://my-team.eu-1.celonis.cloud]()