pdcli handles Pipedrive API and OAuth credentials, so security reports are taken seriously.
Please do not open public GitHub issues for security vulnerabilities.
Report privately through GitHub's private vulnerability reporting (the repository's Security tab → Report a vulnerability). Include:
- A description of the issue and its impact
- Steps to reproduce
- The affected version (`pdcli version`)
You will receive an acknowledgement within 72 hours and a status update within 7 days. Once a fix is released, reporters who wish to be named will be credited.
pdcli is pre-1.0. Only the latest released version receives security fixes.
- API tokens and OAuth tokens are stored only in the operating system keychain (macOS Keychain, Windows Credential Manager, or libsecret on Linux). pdcli refuses to write credentials to disk in plaintext; if no keychain is available, authentication fails rather than falling back to insecure storage.
- The raw `pdcli api` escape hatch is host-locked to your authenticated Pipedrive company domain (`{company}.pipedrive.com`) or the OAuth `api_domain`. A request that resolves to any other host is refused, and the transport never follows redirects, so a mistyped or hallucinated URL cannot leak your token to another host. There is no generic `api.pipedrive.com` data host.
- Tokens are redacted from logs, errors, and `--verbose` output.
- Passing a token on a flag would expose it in your shell history and the process list. Prefer the interactive `pdcli auth login`, or the `PDCLI_API_TOKEN`/`PDCLI_COMPANY_DOMAIN` environment variables for CI.
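The host-lock and no-redirect behaviour described above, shown as an added Go example written for this page. It is not pdcli's own code (the project's language and internals are not shown here); the function names, the `company.pipedrive.com` allow-list entry, and the sample URLs are assumptions. The check runs on the parsed URL before any request is built, so it also catches the cases a naive substring match misses: a userinfo prefix (`https://good-host@evil-host/`), a look-alike suffix (`good-host.evil-host`), a downgraded scheme, and a non-standard port.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// ErrHostNotAllowed is returned for any URL the host-locked client refuses.
var ErrHostNotAllowed = errors.New("refusing request: host not allowed")

// allowedHosts holds the hostnames a raw API call may target: the
// authenticated company domain and, for OAuth sessions, the api_domain.
// Names are stored lower-cased and compared for exact equality, so neither
// "evil.example" nor "company.pipedrive.com.evil.example" matches.
type allowedHosts map[string]struct{}

func newAllowedHosts(hosts ...string) allowedHosts {
	set := make(allowedHosts, len(hosts))
	for _, h := range hosts {
		set[strings.ToLower(h)] = struct{}{}
	}
	return set
}

// checkURL validates a user-supplied URL before any request is built.
// It refuses non-https schemes, userinfo (the "https://good@evil/" trick),
// non-standard ports, and any hostname outside the allow-list.
// This is a check on the parsed URL, not on DNS resolution.
func checkURL(raw string, allowed allowedHosts) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("invalid URL: %w", err)
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("%w: scheme %q is not https", ErrHostNotAllowed, u.Scheme)
	}
	if u.User != nil {
		return nil, fmt.Errorf("%w: userinfo in URL", ErrHostNotAllowed)
	}
	host := strings.ToLower(u.Hostname()) // Hostname() strips any port
	if _, ok := allowed[host]; !ok {
		return nil, fmt.Errorf("%w: %q", ErrHostNotAllowed, host)
	}
	if p := u.Port(); p != "" && p != "443" {
		return nil, fmt.Errorf("%w: non-standard port %q", ErrHostNotAllowed, p)
	}
	return u, nil
}

// refuseRedirect is the CheckRedirect policy for the locked client: the
// client returns the 3xx response as-is instead of following it, so an
// Authorization header is never replayed to a Location on another host.
func refuseRedirect(req *http.Request, via []*http.Request) error {
	return http.ErrUseLastResponse
}

// newLockedClient builds the client used for host-checked requests.
func newLockedClient() *http.Client {
	return &http.Client{CheckRedirect: refuseRedirect}
}

func main() {
	allowed := newAllowedHosts("company.pipedrive.com")
	// Constructed sample URLs for illustration; not taken from the project.
	samples := []string{
		"https://company.pipedrive.com/v1/deals?limit=5",
		"https://COMPANY.pipedrive.com:443/v1/persons",
		"http://company.pipedrive.com/v1/deals",
		"https://api.pipedrive.com/v1/deals",
		"https://company.pipedrive.com.evil.example/v1/deals",
		"https://company.pipedrive.com@evil.example/v1/deals",
		"https://company.pipedrive.com:8443/v1/deals",
	}
	for _, s := range samples {
		if _, err := checkURL(s, allowed); err != nil {
			fmt.Printf("REFUSED %s (%v)\n", s, err)
			continue
		}
		fmt.Printf("ALLOWED %s\n", s)
	}
	_ = newLockedClient() // the client the allowed requests would go through
}
```

Only the first two sample URLs pass; the others are refused before a request exists, so the token is never attached to them. Refusing redirects at the client rather than inspecting `Location` keeps the decision simple: a legitimate API does not need to bounce an authenticated request to a second host, and a `3xx` is surfaced to the caller as an error instead of being followed.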