Back to Signal Feed
CodeTracked since May 19, 2026

Aider enforces owner-only storage for OpenRouter OAuth credentials

Aider’s OpenRouter OAuth flow in `aider/onboarding.py` is updated to prevent the credential file from being created with default permissive permissions: it now hardens `~/.aider` to `0o700`, writes `oauth-keys.env` using explicit `0o600` creation flags, and corrects mode on existing token files after write.

aider/onboarding.pyOpenRouter OAuthOPENROUTER_API_KEY~/.aider/oauth-keys.env

What Happened

  • Aider’s OpenRouter OAuth flow in `aider/onboarding.py` is updated to prevent the credential file from being created with default permissive permissions: it now hardens `~/.aider` to `0o700`, writes `oauth-keys.env` using explicit `0o600` creation flags, and corrects mode on existing token files after write.
  • Aider’s OpenRouter OAuth flow in `aider/onboarding.py` is updated to prevent the credential file from being created with default permissive permissions: it now hardens `~/.aider` to `0o700`, writes `oauth-keys.env` using explicit `0o600` creation flags, and corrects mode on existing token files after write.
  • 1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

It adds concrete filesystem hardening for stored API credentials by eliminating umask-dependent file creation, explicitly setting Unix mode bits on the Aider config directory and OAuth key file, and normalizing permissions on both first-run and re-run OAuth flows.

Why Track This

Why It Matters

On shared Linux/macOS systems, developers and operators using OpenRouter through Aider are less exposed to local token theft because the saved API key is no longer left world-readable; watch whether multi-user or containerized workstations still have legacy insecure `~/.aider` permission states after upgrading. The fix enforces owner-only permissions (`0o700` for `~/.aider`, `0o600` for `oauth-keys.env`) by creating the file via `os.open` with explicit mode and applying `os.chmod` on existing paths, which removes the `open()` + default-umask exposure and TOCTOU window, while non-Unix platforms retain prior behavior via caught `chmod` exceptions.

Impact

On shared Linux/macOS systems, developers and operators using OpenRouter through Aider are less exposed to local token theft because the saved API key is no longer left world-readable; watch whether multi-user or containerized workstations still have legacy insecure `~/.aider` permission states after upgrading. The fix enforces owner-only permissions (`0o700` for `~/.aider`, `0o600` for `oauth-keys.env`) by creating the file via `os.open` with explicit mode and applying `os.chmod` on existing paths, which removes the `open()` + default-umask exposure and TOCTOU window, while non-Unix platforms retain prior behavior via caught `chmod` exceptions.

What To Watch Next

  • Watch whether aider/onboarding.py becomes a repeated pattern.
  • Track follow-up changes around AI Coding Agents.
  • Compare future signals against this evidence trail.
  • Re-check risk flags: shared_hosts_with_multiple_user_accounts, legacy_aider_or_other_tool_directories_widen_permissions.
Open Topic TimelineOpen Technical EventOpen Original Sourceshared_hosts_with_multiple_user_accounts / legacy_aider_or_other_tool_directories_widen_permissions / non_unix_platforms_skip_strict_mode_enforcement

Supporting Evidence

GITHUB PULL REQUESTHigh Trust

aider-ai/aider PR #5154: onboarding: write ~/.aider/oauth-keys.env at 0o600 instead of default umask (0o644)

The PR fixes a credential leak path where `open(path, "a")` created `~/.aider/oauth-keys.env` as `0o644` under default umask, by switching to explicit `os.open(..., O_CREAT|O_WRONLY|O_TRUNC, 0o600)` plus `os.chmod(0o700/0o600)` hardening for directory and file.