Security & Permissions

Data Security and Keys

Model storage, encryption behavior, and key management guidance

Data Security and Keys

Local CLI state uses encrypted SQLite stores:

  1. City-local state and credentials: ~/.downcity/downcity.db
  2. Federation admin profiles and admin keys: ~/.downcity/federation.db
  3. Project-level binding stays in <project>/downcity.json as execution.modelId

How secrets are protected

Provider apiKey, channel credentials, user sessions, and Federation admin keys are not stored in plaintext. They are encrypted before being written to the local SQLite stores.

Key source priority:

  1. DC_MODEL_DB_KEY
  2. ~/.downcity/main/model-db.key

Best practices

  1. Never commit ~/.downcity or any key material.
  2. Use a secret manager to inject DC_MODEL_DB_KEY in team/production environments.
  3. After key rotation, validate model connectivity through CLI and one real invocation.

Permissions

Understand Ship's current chat user authorization model

CLI

The Downcity CLI suite — downcity for local agents and downfed for Federation

Table of Contents

Data Security and KeysHow secrets are protectedBest practicesRelated docs