If you discover a security vulnerability in git-env-manager, please do not open a public issue.

1. Go to GitHub Security Advisories
2. Click "New draft security advisory"
3. Provide:
   • A description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Fix release: Depends on severity, prioritized as follows:
  • Critical (key exposure, arbitrary code execution): Patch release ASAP
  • High (privilege escalation, data leakage): Patch within 1 week
  • Medium/Low: Included in next regular release

git-env-manager handles sensitive data including SSH private keys and Git configurations. The following security measures are enforced:

• Private keys are stored with 0600 permissions (owner read/write only)
• Keys are copied to ~/.git-env-manager/keys/{profile}/ with restricted permissions
• core.sshCommand uses -o IdentitiesOnly=yes to prevent key leakage across profiles
• Private key contents are never logged or displayed to the user

• ~/.gitconfig modifications use atomic writes (write to temp file, then rename)
• A timestamped backup is created before ~/.gitconfig modification when directory-based auto-switching is configured
• Existing gitconfig entries (LFS, difftool, mergetool, etc.) are never removed

• No secrets or credentials are stored in the codebase
• All user input is validated before processing
• Error messages do not expose sensitive file contents or internal paths

The following are in scope for security reports:

• SSH private key exposure or permission issues
• Arbitrary file read/write via crafted profile names
• Command injection through user-provided input
• Unintended modification or deletion of ~/.gitconfig entries
• Backup file permission issues

The following are out of scope:

• Vulnerabilities in upstream dependencies (report to the respective project)
• Issues requiring physical access to the machine
• Social engineering attacks