Merge pull request #797 from CVEProject/bep-781-chmod-curl-config

#781 Update Docker readme to include instructions to securely create curl config
CVEProject · Jul 28, 2022 · 3b7608f · 3b7608f
2 parents 5171c33 + 74c6bb8
commit 3b7608f
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/docker/README.md b/docker/README.md
@@ -122,7 +122,13 @@ You can view the value for the running container with:
 
 #### Create a curl config file (recommended)
 
-Create a curl config file in `$HOME/.curl-cve-config` similar to the following, where each line is a curl argument. In dev environments, use the value of the `LOCAL_KEY` environment variable (also output when pre-populating) as the API key.
+Securely create a curl config file in `$HOME/.curl-cve-config` similar to the following, where each line is a curl argument. In dev environments, use the value of the `LOCAL_KEY` environment variable (also output when pre-populating) as the API key.
+
+>**Warning**
+>
+>To ensure security of the credentials, create an empty file and restrict its permissions before saving the API key:
+>
+>`touch $HOME/.curl-cve-config && chmod 600 $HOME/.curl-cve-config && vi $HOME/.curl-cve-config`
 
 ```
 -H "CVE-API-ORG: mitre"