jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-07-19 07:17:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial docs for storing secrets (#601)

Browse Source
This commit is contained in:
Fabian Affolter 2016-07-01 17:20:17 +02:00 committed by Paulus Schoutsen
parent c4dc276e77
commit ea6304ee6c
1 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
source/_topics/secrets.markdown Normal file
View File

@ -0,0 +1,61 @@
---
layout: page
title: "Storing secrets"
description: "Storing secrets outside of your configuration.yaml."
date: 2016-07-01 08:30
sidebar: false
comments: false
sharing: true
footer: true
---
The `configuration.yaml` file a plain-text file thus it is readable for everyone who has access to the file. The file contains passwords and API tokens which need to be redacted if you want to share your configuration. This separation can also help you to keep easier track of your passwords and API keys (as they are all stored at one place and no longer spread across the `configuration.yaml` file) if you don't want to [split up your configuration](topics/splitting_configuration/).
### {% linkable_title `secrets.yaml` %}
The workflow for the outsourcing in the `secrets.yaml` are very similar to the [splitting of the configuration](topics/splitting_configuration/). Create a `secrets.yaml` file in your Home assistant configuration directory (The location of the folder differs between operating systems: on OS X and Linux it's `~/.homeassistant` and on Windows it's `%APPDATA%/.homeassistant`).
The entries for password and API keys in the `configuration.yaml` file usally looks like the example below.
```yaml
http:
api_password: YOUR_PASSWORD
```
Those entries need to be replaced with `!secret` and a identifier.
```yaml
http:
api_password: !secret http_password
```
The `secrets.yaml` files stored the corresponding password assigned to the identifier.
```yaml
debug: 0
http_password: YOUR_PASSWORD
```
### {% linkable_title Python Keyring %}
Using [Keyring](http://pythonhosted.org/keyring/) is an alternative way to `secrets.yaml` but requires that `keyring` is installed (incl. its command-line tools). This can be done with:
```bash
$ pip3 install keyring
```
Replaced your password or API key with `!secret` and an identifier in `configuration.yaml` file.
```yaml
http:
api_password: !secret http_password
```
Create an entry in your keyring. The service is (SERVICE) `homeassistant` and the identifier is the USERNAME.
```bash
$ keyring-3.4 set homeassistant http_password
Password for 'http_password' in 'homeassistant': YOUR_PASSWORD
```