Security
BLDR CLI is a tool that interacts and integrates into your Salesforce Marketing Cloud instance; as such it will need to be provisioned with API access through a Server-to-Server installed package.
Installed Package setup can be found in Getting Started
The BLDR CLI does not store any API credentials in plain-text or files directly stored on your machine. As a default, BLDR integrates with your machines password/credential management software; Mac users leverage OSX Keychain Access, and Windows users leverage Windows Credential Management.
In addition to the security Keychain and Credential Management provide, BLDR takes additional steps to secure your credentials.
During the initial configuration, an encryption key will be created and stored securely.
Prior to being stored, Client ID and Client Secret values from your Installed Packages will have a salt value added to them and will be encrypted using AES-256 encryption.
Data Handling
Credentials
BLDR does not persist any credential information, keys, or secrets in locally stored files.
State Management
State management is handled using an npm package - conf.
BLDR creates a file (Location based on system default user config) to manage the set SFMC instance.
State managed data includes:
- Set SFMC Instance/MID
- File content waiting to be pushed to SFMC (this is referenced as stash)