the security framework is not active during CLI requests because under normal circumstances it would be relatively easy to circumvent security measure, because you have access to all code and data. For example, a user can display all settings (including credentials) with ./flow configuration:show --type Settings.
Depending on your use case you might want to look into other ways to protect your commands (with external tools).
Thanks for yr reply!
Yes, I know, anybody can access all code from command line.
The background of my question is, some code should be executed by “Scheduler.Master” to import data from external sources. Of course the schedular has to know the credentials too.
And yes, it’s a general problem of all scripts, which i.e. have access to databases and so on.
But thank you for your info about security framework and CLI!