This project does not handle secrets on behalf of anyone other than the local user.
All sensitive information (OAuth tokens, Client ID, VIN) is stored only on your local machine:
| File | Contents | Permissions |
|---|---|---|
| ~/.tesla-cli/config.json | Client ID, VIN | 0600 (user read/write only) |
| ~/.tesla-cli/tokens.json | Access token, Refresh token | 0600 (user read/write only) |
These files are never read by or sent to any server other than the official Tesla Fleet API.
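To confirm that the two files listed above really carry mode 0600 on your machine, a small audit such as the following can be used. It is an added example, not code from this project; the function names and the directory argument are assumptions, and the demo data is constructed.

```python
import os
import stat
import tempfile

# File names and the 0600 mode come from the table above; all else is assumed.
SECRET_FILES = ("config.json", "tokens.json")
EXPECTED_MODE = 0o600


def audit_secret_files(base_dir, fix=False):
    """Return a list of (path, problem) for files that break the 0600 rule."""
    findings = []
    for name in SECRET_FILES:
        path = os.path.join(base_dir, name)
        try:
            st = os.lstat(path)  # lstat: do not follow symlinks
        except FileNotFoundError:
            continue  # not created yet (e.g. before first login)
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        if st.st_uid != os.getuid():
            findings.append((path, "owned by uid %d" % st.st_uid))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != EXPECTED_MODE:
            if fix:
                os.chmod(path, EXPECTED_MODE)  # tighten to user read/write only
            else:
                findings.append((path, "mode is %04o, expected 0600" % mode))
    return findings


def demo():
    """Constructed sample: a throwaway directory standing in for ~/.tesla-cli."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("config.json", 0o644), ("tokens.json", 0o600)):
            p = os.path.join(d, name)
            with open(p, "w") as fh:
                fh.write("{}")
            os.chmod(p, mode)
        before = audit_secret_files(d)
        audit_secret_files(d, fix=True)
        after = audit_secret_files(d)
        return [problem for _, problem in before], after


if __name__ == "__main__":
    print(audit_secret_files(os.path.expanduser("~/.tesla-cli")))
```

An empty list means both files are regular files, owned by you, with mode 0600; pass `fix=True` to tighten a file whose mode is too open.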
- Passwords are never written to disk.
- No telemetry, analytics, or crash reporting of any kind.
- No data is sent to any server other than https://fleet-api.prd.*.vn.cloud.tesla.com and https://auth.tesla.com.
Never commit the following to version control:
- ~/.tesla-cli/config.json
- ~/.tesla-cli/tokens.json
- Any file containing tokens, passwords, API keys, VINs, or session data
The .gitignore in this repository excludes all local config and token files by pattern.
If you discover a security vulnerability in this project, please open a GitHub Issue or contact the maintainer directly. Do not disclose vulnerabilities publicly before they have been addressed.