Please report security issues privately via GitHub Security Advisories ("Report a vulnerability") or by emailing security@xfusion.io. Do not open a public issue for vulnerabilities. We aim to acknowledge within 3 business days.
TurboFiles handles credentials and remote file access, so security is a first-class concern.
- Passwords and key passphrases are stored in the OS keychain (
keyringcrate): macOS Keychain, Windows Credential Manager, Linux Secret Service. - Secrets are never written to the SQLite database, to logs, or to disk in plain text, and are never returned to the frontend.
- Error messages are constructed to avoid leaking secret material.
- SFTP runs over SSH; host-key handling follows the
ssh2/libssh2 defaults. - FTPS uses explicit TLS via native-tls. Plain FTP is unencrypted - the UI surfaces the protocol clearly so users make an informed choice.
- The Tauri Content-Security-Policy restricts the webview to
'self'(seesrc-tauri/tauri.conf.jsonandindex.html). - The frontend can only call the explicitly allow-listed Tauri commands; there is no arbitrary shell or filesystem bridge exposed to the webview.
- Tauri capabilities (
src-tauri/capabilities/main.json) scope plugin permissions to the minimum required.
cargo auditandnpm auditrun in CI (and weekly) - see.github/workflows/security.yml.- CodeQL static analysis runs on every push/PR.
- Dependabot keeps npm, cargo, and GitHub Actions dependencies patched.
- Release binaries are built in CI and support code signing / notarization (macOS) and Tauri's updater signing keys (secrets configured in repo settings).
During the 0.x series, only the latest minor release receives security fixes.