From 6680c0df2fd48c0a65ba816ed51357da370894a3 Mon Sep 17 00:00:00 2001
From: Justin Dray <justin@dray.be>
Date: Wed, 19 Jul 2017 18:55:51 +1000
Subject: [PATCH] Add documentation on using credstash as a secret store
 (#2988)

---
 source/_docs/configuration/secrets.markdown | 23 +++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/source/_docs/configuration/secrets.markdown b/source/_docs/configuration/secrets.markdown
index 14170759340..36705981102 100644
--- a/source/_docs/configuration/secrets.markdown
+++ b/source/_docs/configuration/secrets.markdown
@@ -89,3 +89,26 @@ Please enter password for encrypted keyring:
 <p class='note warning'>
   If you are using the Python Keyring, [autostarting](/getting-started/autostart/) of Home Assistant will no longer work.
 </p>
+
+### {% linkable_title Storing passwords in a keyring managed by your OS %}
+
+Using [Credstash](https://github.com/fugue/credstash) is an alternative way to `secrets.yaml`. They can be managed from the command line via the credstash script.
+
+Before using credstash, you need to set up AWS credentials either via the `aws` command line tool, or using environment variables as explained in the [AWS CLI docs](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) as well as creating a KMS key named 'credstash' as explained in the [credstash readme](https://github.com/fugue/credstash#setting-up-kms). After that is complete, you can use the provided script to add secrets to your Home Assistant secret store in credstash
+
+```bash
+$ hass --script credstash --help
+```
+
+To store a password in credstash, replace your password or API key with `!secret` and an identifier in `configuration.yaml` file.
+
+```yaml
+http:
+  api_password: !secret http_password
+```
+
+Create an entry in your credstash store.
+
+```bash
+$ hass --script credstash set http_password
+```