diff --git a/pkg/config/config.go b/pkg/config/config.go
index 1e6b998eb..7c9c221d6 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -52,6 +52,9 @@ type Config struct {
 // AuthInfos is a map of referenceable names to user configs
 AuthInfos map[string]*AuthInfo `json:"users"`
+ // Permissions is a struct of permissions for file and directory
+ Permissions Permissions `json:"permissions,omitempty"`
+
 // Contexts is a map of referenceable names to context configs
 Contexts map[string]*Context `json:"contexts"`
@@ -81,6 +84,12 @@ type Config struct {
 kubeConfig *clientcmdapi.Config
 }
+// Permissions has the permissions for file and directory
+type Permissions struct {
+ DirectoryPermission uint32
+ FilePermission uint32
+}
+
 // LoadConfig populates the Config object using the files found at
 // airshipConfigPath and kubeConfigPath
 func (c *Config) LoadConfig(airshipConfigPath, kubeConfigPath string, create bool) error {
@@ -418,13 +427,25 @@ func (c *Config) PersistConfig() error {
 // WriteFile doesn't create the directory, create it if needed
 configDir := filepath.Dir(c.loadedConfigPath)
- err = os.MkdirAll(configDir, 0755)
+ err = os.MkdirAll(configDir, os.FileMode(c.Permissions.DirectoryPermission))
 if err != nil {
 return err
 }
 // Write the Airship Config file
- err = ioutil.WriteFile(c.loadedConfigPath, airshipConfigYaml, 0600)
+ err = ioutil.WriteFile(c.loadedConfigPath, airshipConfigYaml, os.FileMode(c.Permissions.FilePermission))
+ if err != nil {
+ return err
+ }
+
+ // Change the permission of directory
+ err = os.Chmod(configDir, os.FileMode(c.Permissions.DirectoryPermission))
+ if err != nil {
+ return err
+ }
+
+ // Change the permission of config file
+ err = os.Chmod(c.loadedConfigPath, os.FileMode(c.Permissions.FilePermission))
 if err != nil {
 return err
 }
diff --git a/pkg/config/constants.go b/pkg/config/constants.go
index 8ef76ce2c..9e7da97df 100644
--- a/pkg/config/constants.go
+++ b/pkg/config/constants.go
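Review bot: In pkg/config/config.go, the `omitempty` option on the new `Permissions Permissions` field does nothing if the config is marshalled through the `json` tags, since a non-pointer struct value is never treated as empty; drop the option or make the field a pointer. More important for safety, a config file written before this change has no `permissions` key, and unless the loader starts from the `NewConfig()` defaults (not visible in this diff) both fields would stay at zero and PersistConfig would then create and chmod the directory and file with mode 0. A fallback after loading, such as `if c.Permissions.FilePermission == 0 { c.Permissions.FilePermission = AirshipDefaultFilePermission }` (and the same for the directory), would cover older files. The Config struct begins and ends outside the hunk.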
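Review bot: The `Permissions` struct in pkg/config/config.go declares two untagged `uint32` fields, so they serialise under their Go names and as decimal numbers, which makes an overly permissive mode hard to spot when someone audits a config file. The fixture in this commit stores `488` and `416` for 0750 and 0640. Add tags in the style of the other Config fields, `json:"directoryPermission"` and `json:"filePermission"`, and a comment on each field saying that the value is the Unix permission bits and is written in decimal in the YAML. The LoadConfig declaration that follows is context only; its body is outside the hunk.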
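Review bot: In PersistConfig, the modes passed to `os.MkdirAll`, `ioutil.WriteFile` and both new `os.Chmod` calls come straight from `c.Permissions` with no validation, so a value in the config can make the file that holds the `users` section group- or world-accessible, or carry bits outside the permission range (`os.Chmod` also applies the setuid, setgid and sticky bits of an `os.FileMode`). Mask and check before use, for example `fileMode := os.FileMode(c.Permissions.FilePermission) & os.ModePerm`, then return an error when `fileMode&0002 != 0` or when the owner read/write bits are missing (owner `rwx` for the directory, otherwise the later file `Chmod` fails for a non-root user and the config is locked out). The added `os.Chmod(configDir, …)` also runs when the directory already existed, so it changes the mode of whatever directory holds the config path rather than only one created by this call; restricting it to the created case would be safer. PersistConfig starts and ends outside the hunk.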
@@ -45,6 +45,8 @@ const (
 AirshipConfigVersion = "v1alpha1"
 AirshipDefaultBootstrapInfo = "default"
 AirshipDefaultContext = "default"
+ AirshipDefaultDirectoryPermission = 0750
+ AirshipDefaultFilePermission = 0640
 AirshipDefaultManagementConfiguration = "default"
 AirshipDefaultManifest = "default"
 AirshipDefaultManifestRepo = "treasuremap"
diff --git a/pkg/config/testdata/config-string.yaml b/pkg/config/testdata/config-string.yaml
index cdf3db40a..c02df114f 100644
--- a/pkg/config/testdata/config-string.yaml
+++ b/pkg/config/testdata/config-string.yaml
@@ -47,5 +47,8 @@ manifests:
 url: http://dummy.url.com/manifests.git
 subPath: manifests/site/test-site
 targetPath: /var/tmp/
+permissions:
+ DirectoryPermission: 488
+ FilePermission: 416
 users:
 dummy_user: {}
diff --git a/pkg/config/utils.go b/pkg/config/utils.go
index 210dd1c01..e15c1a310 100644
--- a/pkg/config/utils.go
+++ b/pkg/config/utils.go
@@ -42,7 +42,11 @@ func NewConfig() *Config {
 },
 },
 },
- Clusters: make(map[string]*ClusterPurpose),
+ Clusters: make(map[string]*ClusterPurpose),
+ Permissions: Permissions{
+ DirectoryPermission: AirshipDefaultDirectoryPermission,
+ FilePermission: AirshipDefaultFilePermission,
+ },
 AuthInfos: make(map[string]*AuthInfo),
 Contexts: map[string]*Context{
 AirshipDefaultContext: {
diff --git a/testutil/testconfig.go b/testutil/testconfig.go
index 20df903af..6e63a207b 100644
--- a/testutil/testconfig.go
+++ b/testutil/testconfig.go
@@ -42,6 +42,10 @@ func DummyConfig() *config.Config {
 AuthInfos: map[string]*config.AuthInfo{
 "dummy_user": DummyAuthInfo(),
 },
+ Permissions: config.Permissions{
+ DirectoryPermission: config.AirshipDefaultDirectoryPermission,
+ FilePermission: config.AirshipDefaultFilePermission,
+ },
 BootstrapInfo: map[string]*config.Bootstrap{
 "dummy_bootstrap_config": DummyBootstrapInfo(),
 },
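Review bot: In pkg/config/constants.go, `AirshipDefaultFilePermission = 0640` makes the persisted config group-readable by default, whereas PersistConfig previously hard-coded `0600`. That file carries the `users` (AuthInfos) section, which may hold credentials, so unless group access is a stated requirement the defaults should stay owner-only, `AirshipDefaultFilePermission = 0600` and `AirshipDefaultDirectoryPermission = 0700`, with wider modes as an explicit opt-in in the config. A short comment on each constant stating the intended audience of the mode would also help, since they sit in a block of string defaults. The const block begins and ends outside the hunk.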