Restrict permissions to credentials file on creation

src/config/credentials.rs

@@ -112,6 +112,14 @@ impl Credentials {
     }
 
     fn write_back(&self) -> Result<()> {
+        #[cfg(unix)]
+        use std::os::unix::fs::PermissionsExt;
+
+        if !self.config_file.exists() {
+            let f = std::fs::File::create(&self.config_file)?;
+            #[cfg(unix)]
+            f.metadata()?.permissions().set_mode(0o600);
+        }
         std::fs::write(&self.config_file, toml::to_string(self)?)?;
         Ok(())
     }