mirror of
https://github.com/home-assistant/home-assistant.io.git
synced 2025-07-22 16:56:50 +00:00
Secrets.yaml and securing your instance: add related topics (#32960)
parent
6b2dacd0b6
commit
be9bce9a82
@ -6,6 +6,8 @@ related:
|
||||
title: configuration.yaml file
|
||||
- docs: /docs/configuration/splitting_configuration/
|
||||
title: Splitting the configuration
|
||||
- docs: /docs/configuration/securing/
|
||||
title: Securing your instance
|
||||
---
|
||||
|
||||
The {% term "`configuration.yaml`" %} file is a plain-text file, thus it is readable by anyone who has access to the file. The file contains passwords and API tokens which need to be redacted if you want to share your configuration. By using `!secret` you can remove any private information from your configuration files. This separation can also help you to keep easier track of your passwords and API keys, as they are all stored at one place and no longer spread across the {% term "`configuration.yaml`" %} file or even multiple YAML files if you [split up your configuration](/docs/configuration/splitting_configuration/).
|
||||
|
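Review bot: The unchanged paragraph below the front matter still says `!secret` lets you "remove any private information from your configuration files" without mentioning that `secrets.yaml` is itself a plain-text file. This commit adds a note to the securing page that storing secrets in `secrets.yaml` does not encrypt them, and links the two pages to each other, so consider repeating that one-line note here so a reader who lands on this page first gets the same caveat.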
@ -1,6 +1,15 @@
|
||||
---
|
||||
title: "Securing"
|
||||
description: "Instructions on how to secure your Home Assistant installation."
|
||||
|
||||
related:
|
||||
- docs: /docs/configuration/
|
||||
- docs: /docs/configuration/secrets/
|
||||
title: Secrets.yaml file
|
||||
- docs: /cloud/
|
||||
title: Home Assistant Cloud
|
||||
- url: https://nabucasa.com/config/
|
||||
title: Nabu Casa
|
||||
---
|
||||
|
||||
One major advantage of Home Assistant is that it is not dependent on cloud services. Even if you are only using Home Assistant on a local network, you should take steps to secure your instance.
|
||||
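Review bot: In the new `related:` list, the first entry `- docs: /docs/configuration/` has no `title:`, while the three entries after it do and the entries visible in the secrets page's list each carry one. Add a title (for example `title: configuration.yaml file`, as used on the secrets page) or confirm the omission is intended. Separately, `title: Secrets.yaml file` capitalizes the file name, which the body text writes as `secrets.yaml`.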
@ -9,9 +18,9 @@ One major advantage of Home Assistant is that it is not dependent on cloud servi
|
||||
|
||||
Here's the summary of what you *must* do to secure your Home Assistant system:
|
||||
|
||||
- Centralize sensitive data in [secrets](/docs/configuration/secrets/) (but do remember to back them up)
|
||||
- Centralize sensitive data in [secrets](/docs/configuration/secrets/) (but do remember to back them up).
|
||||
- **Note**: Storing secrets in `secrets.yaml` does not encrypt them.
|
||||
- Regularly keep the system up to date
|
||||
- Regularly keep the system up to date.
|
||||
|
||||
## Remote access
|
||||
|
||||
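Review bot: The new note that `secrets.yaml` does not encrypt its contents sits directly under a bullet telling readers to back the secrets up, but nothing says what follows from that: the backups hold the same plain-text passwords and tokens. Suggest extending the note with the consequence, for example "treat the file and any backup of it as sensitive". Also check that the note reads as guidance under a list introduced as what you *must* do, since it is a caveat rather than an action.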
@ -23,9 +32,9 @@ To expose your instance to the internet, use a [VPN](https://pivpn.io), or an [S
|
||||
|
||||
### Extras for manual installations
|
||||
|
||||
Besides the above we advise that you consider the following to improve security:
|
||||
Besides the above, we advise that you consider the following to improve security:
|
||||
|
||||
- For systems that use SSH set `PermitRootLogin no` in your sshd configuration (usually `/etc/ssh/sshd_config`) and to use SSH keys for authentication instead of passwords. This is particularly important if you enable remote access to your SSH services.
|
||||
- For systems that use SSH, set `PermitRootLogin no` in your sshd configuration (usually `/etc/ssh/sshd_config`) and use SSH keys for authentication instead of passwords. This is particularly important if you enable remote access to your SSH services.
|
||||
- Lock down the host following good practice guidance, for example:
|
||||
- [Securing Debian Manual](https://www.debian.org/doc/manuals/securing-debian-manual/index.en.html) (this also applies to Raspberry Pi OS)
|
||||
- [Red Hat Enterprise Linux 7 Security Guide](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/index), [CIS Red Hat Enterprise Linux 7 Benchmark](https://www.cisecurity.org/cis-benchmarks/)
|
||||
|
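Review bot: The reworded SSH bullet recommends SSH keys "instead of passwords" but still names only `PermitRootLogin no` as a setting, so a reader who follows it literally leaves password logins enabled. Since the sentence is being touched anyway, consider naming the matching sshd option, `PasswordAuthentication no`, next to it. The grammar fixes themselves ("Besides the above, we advise", "set ... and use") look fine.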