jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-07-24 09:46:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secrets.yaml and securing your instance: add related topics (#32960)

Browse Source
This commit is contained in:
c0ffeeca7 2024-05-27 08:57:57 +02:00 committed by GitHub
parent 6b2dacd0b6
commit be9bce9a82
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source/_docs/configuration/secrets.markdown
View File

@ -6,6 +6,8 @@ related:
title: configuration.yaml file
- docs: /docs/configuration/splitting_configuration/
title: Splitting the configuration
- docs: /docs/configuration/securing/
title: Securing your instance
---
The {% term "`configuration.yaml`" %} file is a plain-text file, thus it is readable by anyone who has access to the file. The file contains passwords and API tokens which need to be redacted if you want to share your configuration. By using `!secret` you can remove any private information from your configuration files. This separation can also help you to keep easier track of your passwords and API keys, as they are all stored at one place and no longer spread across the {% term "`configuration.yaml`" %} file or even multiple YAML files if you [split up your configuration](/docs/configuration/splitting_configuration/).

17
source/_docs/configuration/securing.markdown
View File

@ -1,6 +1,15 @@
---
title: "Securing"
description: "Instructions on how to secure your Home Assistant installation."
related:
- docs: /docs/configuration/
- docs: /docs/configuration/secrets/
title: Secrets.yaml file
- docs: /cloud/
title: Home Assistant Cloud
- url: https://nabucasa.com/config/
title: Nabu Casa
---
One major advantage of Home Assistant is that it is not dependent on cloud services. Even if you are only using Home Assistant on a local network, you should take steps to secure your instance.
@ -9,9 +18,9 @@ One major advantage of Home Assistant is that it is not dependent on cloud servi
Here's the summary of what you *must* do to secure your Home Assistant system:
- Centralize sensitive data in [secrets](/docs/configuration/secrets/) (but do remember to back them up)
- Centralize sensitive data in [secrets](/docs/configuration/secrets/) (but do remember to back them up).
- **Note**: Storing secrets in `secrets.yaml` does not encrypt them.
- Regularly keep the system up to date
- Regularly keep the system up to date.
## Remote access
@ -23,9 +32,9 @@ To expose your instance to the internet, use a [VPN](https://pivpn.io), or an [S
### Extras for manual installations
Besides the above we advise that you consider the following to improve security:
Besides the above, we advise that you consider the following to improve security:
- For systems that use SSH set `PermitRootLogin no` in your sshd configuration (usually `/etc/ssh/sshd_config`) and to use SSH keys for authentication instead of passwords. This is particularly important if you enable remote access to your SSH services.
- For systems that use SSH, set `PermitRootLogin no` in your sshd configuration (usually `/etc/ssh/sshd_config`) and use SSH keys for authentication instead of passwords. This is particularly important if you enable remote access to your SSH services.
- Lock down the host following good practice guidance, for example:
- [Securing Debian Manual](https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html) (this also applies to Raspberry Pi OS)
- [Red Hat Enterprise Linux 7 Security Guide](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/index), [CIS Red Hat Enterprise Linux 7 Benchmark](https://www.cisecurity.org/cis-benchmarks/)