API Security Blog

Planet’s secret file is created with excessive permissions

### Impact
The secret file stores the user’s Planet API authentication information. It should be accessible only by the user, but its permissions also allowed the user’s group and non-group users to read the file.

### Validation
Check the permissions on the secret file with `ls -l ~/.planet.json` and ensure that they read as `-rw-------`.

### Patches
[d71415a8](https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7)

### Workarounds
Set the secret file permissions to only user read/write by hand:
```
chmod 600 ~/.planet.json
```
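The following is an added example, not code from the advisory or from planet-client-python. It shows how a plain `open()` leaves a secrets file group- and world-readable under a common umask, and one way to write and audit such a file so it stays owner-only. The file path, key value and function names are constructed for illustration.

```python
import json
import os
import stat
import tempfile


def excess_bits(path):
    """Return the group/other permission bits set on path (0 means owner-only)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO)


def write_secret(path, data):
    """Write JSON secrets so that group and others never get access."""
    # Mode 0o600 at creation time: a new file is owner-only from the first byte.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        # The mode argument above is ignored if the file already existed,
        # so tighten an existing file explicitly before writing the secret.
        os.fchmod(fh.fileno(), 0o600)
        json.dump(data, fh)


def demo():
    """Return (excess bits after plain open(), excess bits after write_secret())."""
    secret = {"key": "CONSTRUCTED-NOT-A-REAL-KEY"}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secret.json")  # stand-in for ~/.planet.json
        old_umask = os.umask(0o022)  # emulate a common default umask
        try:
            # Before: open() creates the file as 0666 & ~umask = 0644.
            with open(path, "w") as fh:
                json.dump(secret, fh)
            before = excess_bits(path)
            # After: rewriting through write_secret() repairs the existing file.
            write_secret(path, secret)
            after = excess_bits(path)
        finally:
            os.umask(old_umask)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print(f"plain open(): {before:#o}  write_secret(): {after:#o}")
```
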
