Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The document shows creating a local `api_key.json` file containing an App Store Connect private key, but it does not instruct users to restrict file permissions, avoid committing it, or securely delete it after use. In CI/CD contexts, leaving credential material on disk increases the chance of accidental exposure through workspace artifacts, logs, caches, or reused runners.
