3.0 KiB
layout, title, description, date, sidebar, comments, sharing, footer
| layout | title | description | date | sidebar | comments | sharing | footer |
|---|---|---|---|---|---|---|---|
| page | Storing secrets | Storing secrets outside of your configuration.yaml. | 2016-07-01 08:30 | false | false | true | true |
The configuration.yaml file a plain-text file thus it is readable for everyone who has access to the file. The file contains passwords and API tokens which need to be redacted if you want to share your configuration. This separation can also help you to keep easier track of your passwords and API keys (as they are all stored at one place and no longer spread across the configuration.yaml file) if you don't want to split up your configuration.
{% linkable_title Using secrets.yaml %}
The workflow for the outsourcing in the secrets.yaml are very similar to the splitting of the configuration. Create a secrets.yaml file in your Home assistant configuration directory (The location of the folder differs between operating systems: on OS X and Linux it's ~/.homeassistant and on Windows it's %APPDATA%/.homeassistant).
The entries for password and API keys in the configuration.yaml file usally looks like the example below.
http:
api_password: YOUR_PASSWORD
Those entries need to be replaced with !secret and a identifier.
http:
api_password: !secret http_password
The secrets.yaml files stored the corresponding password assigned to the identifier.
debug: 0
http_password: YOUR_PASSWORD
{% linkable_title Python Keyring %}
Using Keyring is an alternative way to secrets.yaml but requires that keyring is installed (incl. its command-line tools). This can be done with:
$ pip3 install keyring
Replaced your password or API key with !secret and an identifier in configuration.yaml file.
http:
api_password: !secret http_password
Create an entry in your keyring. The service (SERVICE) is homeassistant and the identifier is the USERNAME in the keyring context.
$ keyring set homeassistant http_password
Password for 'http_password' in 'homeassistant':
Please set a password for your new keyring:
Please confirm the password:
If the command-line tool keyring is not available, launch python3 and do the process manually.
>>> import keyring
>>> keyring.set_password("homeassistant", "http_password", "12345")
Please set a password for your new keyring:
Please confirm the password:
>>> keyring.get_password("homeassistant", "http_password")
'12345'
>>> keyring.get_keyring()
<EncryptedKeyring at /home/your_user/.local/share/python_keyring/crypted_pass.cfg>
If you launch home Assistant now, you will be prompted for the keyring password to unlock your keyring.
$ hass
Config directory: /home/fab/.homeassistant
Please enter password for encrypted keyring:
With this configuration [autostart](/getting-started/autostart/) will no longer work.