home-assistant.io/securing.markdown at 0cb4fe10c47d49483060ba6a07fc7883f60c3810

jeans/home-assistant.io

Fork 0

mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-08-14 11:49:41 +00:00

Files

.devcontainer

.github

.vscode

plugins

sass

source

.well-known

_dashboards

_data

_docs

authentication

automation

backend

blueprint

configuration

basic.markdown

customizing-devices.markdown

entities_domains.markdown

events.markdown

packages.markdown

platform_options.markdown

remote.markdown

secrets.markdown

securing.markdown

splitting_configuration.markdown

state_object.markdown

templating.markdown

troubleshooting.markdown

yaml.markdown

energy

frontend

organizing

scene

scripts

tools

z-wave

authentication.markdown

automation.markdown

backend.markdown

blueprint.markdown

configuration.markdown

energy.markdown

frontend.markdown

glossary.html

locked_out.md

organizing.markdown

quality_scale.markdown

scene.markdown

scripts.markdown

tools.markdown

troubleshooting_general.markdown

_faq

_includes

_integrations

_layouts

_posts

addons

android

assets

blog

blue

blueprints

changelogs

cloud

code_of_conduct

common-tasks

conference

connectzbt1

dashboards

developers

docs

faq

getting-started

green

help

home-energy-management

images

installation

integrations

ios

javascripts

more-info

privacy

security

state-of-the-open-home

static

stylesheets

tag

tos

voice_control

yellow

404.html

CNAME

_headers

_redirects

atom.xml

favicon.png

googlef4f3693c209fe788.html

index.html

integrations.json

robots.txt

service_worker.js

version.json

.editorconfig

.gitattributes

.gitignore

.markdownlint.json

.nvmrc

.powrc

.remarkignore

.remarkrc.js

.ruby-version

.textlintrc.json

CLA.md

CODEOWNERS

CODE_OF_CONDUCT.md

Gemfile

Gemfile.lock

LICENSE.md

README.md

Rakefile

_config.yml

config.rb

config.ru

package-lock.json

package.json

c0ffeeca7 be9bce9a82 Secrets.yaml and securing your instance: add related topics (#32960 )

2024-05-27 08:57:57 +02:00

2.1 KiB

Raw Blame History

title, description, related

title

description

Securing

Instructions on how to secure your Home Assistant installation.

docs
/docs/configuration/

docs	title
/docs/configuration/secrets/	Secrets.yaml file

docs	title
/cloud/	Home Assistant Cloud

url	title
https://nabucasa.com/config/	Nabu Casa

One major advantage of Home Assistant is that it is not dependent on cloud services. Even if you are only using Home Assistant on a local network, you should take steps to secure your instance.

Checklist

Here's the summary of what you must do to secure your Home Assistant system:

Centralize sensitive data in secrets (but do remember to back them up).
- Note: Storing secrets in secrets.yaml does not encrypt them.
Regularly keep the system up to date.

Remote access

If you want secure remote access, the easiest option is to use Home Assistant Cloud by which you also support the founders of Home Assistant.

Another option is to use TLS/SSL via the add-on Duck DNS integrating Let's Encrypt.

To expose your instance to the internet, use a VPN, or an SSH tunnel. Make sure to expose the used port in your router.

Extras for manual installations

Besides the above, we advise that you consider the following to improve security:

For systems that use SSH, set PermitRootLogin no in your sshd configuration (usually /etc/ssh/sshd_config) and use SSH keys for authentication instead of passwords. This is particularly important if you enable remote access to your SSH services.
Lock down the host following good practice guidance, for example:
- Securing Debian Manual (this also applies to Raspberry Pi OS)
- Red Hat Enterprise Linux 7 Security Guide, CIS Red Hat Enterprise Linux 7 Benchmark

2.1 KiB Raw Blame History

Checklist

Remote access

Extras for manual installations

2.1 KiB

Raw Blame History