jeena/home-assistant.github.io
1
0
Fork 0
Code Issues Pull requests Projects Packages Wiki Activity Actions
home-assistant.github.io/docs/configuration/secrets/index.html
Travis CI 201647593b Site updated at 2017-03-30 07:15:49 UTC
2017-03-30 07:15:49 +00:00

365 lines
21 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!--> <html> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Storing secrets - Home Assistant</title>
<meta name="author" content="Home Assistant">
<meta name="description" content="Storing secrets outside of your configuration.yaml.">
<meta name="viewport" content="width=device-width">
<link rel="canonical" href="https://home-assistant.io/docs/configuration/secrets/">
<meta property="fb:app_id" content="338291289691179">
<meta property="og:title" content="Storing secrets">
<meta property="og:site_name" content="Home Assistant">
<meta property="og:url" content="https://home-assistant.io/docs/configuration/secrets/">
<meta property="og:type" content="article">
<meta property="og:description" content="Storing secrets outside of your configuration.yaml.">
<meta property="og:image" content="https://home-assistant.io/images/default-social.png">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@home_assistant">
<meta name="twitter:title" content="Storing secrets">
<meta name="twitter:description" content="Storing secrets outside of your configuration.yaml.">
<meta name="twitter:image" content="https://home-assistant.io/images/default-social.png">
<link href="/stylesheets/screen.css" media="screen, projection" rel="stylesheet">
<link href="/atom.xml" rel="alternate" title="Home Assistant" type="application/atom+xml">
<link rel='shortcut icon' href='/images/favicon.ico' />
<link rel='icon' type='image/png' href='/images/favicon-192x192.png' sizes='192x192' />
</head>
<body >
<header>
<div class="grid-wrapper">
<div class="grid">
<div class="grid__item three-tenths lap-two-sixths palm-one-whole ha-title">
<a href="/" class="site-title">
<img width='40' src='/demo/favicon-192x192.png'>
<span>Home Assistant</span>
</a>
</div>
<div class="grid__item seven-tenths lap-four-sixths palm-one-whole">
<nav>
<input type="checkbox" id="toggle">
<label for="toggle" class="toggle" data-open="Main Menu" data-close="Close Menu"></label>
<ul class="menu pull-right">
<li><a href="/getting-started/">Getting started</a></li>
<li><a href="/components/">Components</a></li>
<li><a href="/docs/">Docs</a></li>
<li><a href="/cookbook/">Examples</a></li>
<li><a href="/developers/">Developers</a></li>
<li><a href="/blog/">Blog</a></li>
<li><a href="/help/">Need help?</a></li>
</ul>
</nav>
</div>
</div>
</div>
</header>
<div class="grid-wrapper">
<div class="grid grid-center">
<div class="grid__item two-thirds lap-one-whole palm-one-whole">
<article class="page">
<div class='edit-github'><a href='https://github.com/home-assistant/home-assistant.github.io/tree/current/source/_docs/configuration/secrets.markdown'>Edit this page on GitHub</a></div>
<header>
<h1 class="title indent">
Storing Secrets
</h1>
</header>
<hr class="divider">
<p>The <code class="highlighter-rouge">configuration.yaml</code> file is a plain-text file, thus it is readable by anyone who has access to the file. The file contains passwords and API tokens which need to be redacted if you want to share your configuration. By using <code class="highlighter-rouge">!secrets</code> you can remove any private information from you configuration files. This separation can also help you to keep easier track of your passwords and API keys. As they are all stored at one place and no longer spread across the <code class="highlighter-rouge">configuration.yaml</code> file or even multiple yaml files if you <a href="/topics/splitting_configuration/">split up your configuration</a>.</p>
<h3><a class="title-link" name="using-secretsyaml" href="#using-secretsyaml"></a> Using secrets.yaml</h3>
<p>The workflow for moving private information to <code class="highlighter-rouge">secrets.yaml</code> is very similar to the <a href="/topics/splitting_configuration/">splitting of the configuration</a>. Create a <code class="highlighter-rouge">secrets.yaml</code> file in your Home assistant configuration directory (The location of the folder differs between operating systems: on OS X and Linux its <code class="highlighter-rouge">~/.homeassistant</code> and on Windows its <code class="highlighter-rouge">%APPDATA%/.homeassistant</code>).</p>
<p>The entries for password and API keys in the <code class="highlighter-rouge">configuration.yaml</code> file usually looks like the example below.</p>
<div class="language-yaml highlighter-rouge"><pre class="highlight"><code><span class="s">http</span><span class="pi">:</span>
<span class="s">api_password</span><span class="pi">:</span> <span class="s">YOUR_PASSWORD</span>
</code></pre>
</div>
<p>Those entries need to be replaced with <code class="highlighter-rouge">!secret</code> and a identifier.</p>
<div class="language-yaml highlighter-rouge"><pre class="highlight"><code><span class="s">http</span><span class="pi">:</span>
<span class="s">api_password</span><span class="pi">:</span> <span class="kt">!secret</span> <span class="s">http_password</span>
</code></pre>
</div>
<p>The <code class="highlighter-rouge">secrets.yaml</code> file contains the corresponding password assigned to the identifier.</p>
<div class="language-yaml highlighter-rouge"><pre class="highlight"><code><span class="s">http_password</span><span class="pi">:</span> <span class="s">YOUR_PASSWORD</span>
</code></pre>
</div>
<h3><a class="title-link" name="debugging-secrets" href="#debugging-secrets"></a> Debugging secrets</h3>
<p>When you start splitting your configuration into multiple files, you might end up with configuration in sub folders. Secrets will be resolved in this order:</p>
<ul>
<li>A <code class="highlighter-rouge">secrets.yaml</code> located in the same folder as the yaml file referencing the secret,</li>
<li>next, parent folders will be searched for a <code class="highlighter-rouge">secrets.yaml</code> file with the secret, stopping at the folder with the main <code class="highlighter-rouge">configuration.yaml</code>,</li>
<li>lastly, <code class="highlighter-rouge">keyring</code> will be queried for the secret (more info below)</li>
</ul>
<p>To see where secrets are being loaded from you can either add an option to your <code class="highlighter-rouge">secrets.yaml</code> file or use the <code class="highlighter-rouge">check_config</code> script.</p>
<p><em>Option 1</em>: Print where secrets are retrieved from to the Home Assistant log by adding the following to <code class="highlighter-rouge">secrets.yaml</code>:</p>
<div class="language-yaml highlighter-rouge"><pre class="highlight"><code><span class="s">logger</span><span class="pi">:</span> <span class="s">debug</span>
</code></pre>
</div>
<p>This will not print the actual secrets value to the log.</p>
<p><em>Option 2</em>: View where secrets are retrieved from and the contents of all <code class="highlighter-rouge">secrets.yaml</code> files used, you can use the <code class="highlighter-rouge">check_config</code> script from the command line:</p>
<div class="language-bash highlighter-rouge"><pre class="highlight"><code>hass --script check_config --secrets
</code></pre>
</div>
<p>This will print all your secrets</p>
<h3><a class="title-link" name="storing-passwords-in-a-keyring-managed-by-your-os" href="#storing-passwords-in-a-keyring-managed-by-your-os"></a> Storing passwords in a keyring managed by your OS</h3>
<p>Using <a href="http://pythonhosted.org/keyring/">Keyring</a> is an alternative way to <code class="highlighter-rouge">secrets.yaml</code>. They can be managed from the command line via the keyring script.</p>
<div class="language-bash highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>hass --script keyring --help
</code></pre>
</div>
<p>To store a password in keyring, replace your password or API key with <code class="highlighter-rouge">!secret</code> and an identifier in <code class="highlighter-rouge">configuration.yaml</code> file.</p>
<div class="language-yaml highlighter-rouge"><pre class="highlight"><code><span class="s">http</span><span class="pi">:</span>
<span class="s">api_password</span><span class="pi">:</span> <span class="kt">!secret</span> <span class="s">http_password</span>
</code></pre>
</div>
<p>Create an entry in your keyring.</p>
<div class="language-bash highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>hass --script keyring <span class="nb">set </span>http_password
</code></pre>
</div>
<p>If you launch Home Assistant now, you will be prompted for the keyring password to unlock your keyring.</p>
<div class="language-bash highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>hass
Config directory: /home/fab/.homeassistant
Please enter password <span class="k">for </span>encrypted keyring:
</code></pre>
</div>
<p class="note warning">
If your are using the Python Keyring, <a href="/getting-started/autostart/">autostarting</a> of Home Assistant will no longer work.
</p>
</article>
</div>
<aside id="sidebar" class="grid__item one-third lap-one-whole palm-one-whole">
<div class="grid">
<section class="aside-module grid__item one-whole lap-one-half">
<div class='section'>
<h1 class="title delta">Topics</h1>
<ul class='divided sidebar-menu'>
<li>
<a href='/docs/installation/'>Installation </a>
<ul>
<li><a href='/docs/installation/virtualenv/'>Python Virtual Env </a></li>
<li><a href='/docs/installation/raspberry-pi-all-in-one/'>Raspberrry Pi All-in-One </a></li>
<li><a href='/docs/installation/updating/'>Updating </a></li>
<li><a href='/docs/installation/troubleshooting/'>Troubleshooting </a></li>
</ul>
</li>
<li>
<a href='/docs/hassbian/'>Hassbian </a>
<ul>
<li><a href='/docs/hassbian/installation/'>Installation </a></li>
<li><a href='/docs/hassbian/customization/'>Customization </a></li>
<li><a href='/docs/hassbian/common-tasks/'>Common tasks </a></li>
<li><a href='/docs/hassbian/integrations/'>Integrations </a></li>
<li><a href='/docs/hassbian/upgrading/'>Upgrading </a></li>
</ul>
</li>
<li>
<a href='/docs/configuration/'>Configuration </a>
<ul>
<li><a href='/docs/configuration/yaml/'>YAML </a></li>
<li><a href='/docs/configuration/basic/'>Basic information </a></li>
<li><a href='/docs/configuration/devices/'>Setting up devices </a></li>
<li><a href='/docs/configuration/customizing-devices/'>Customizing devices and services </a></li>
<li><a href='/docs/configuration/troubleshooting/'>Troubleshooting </a></li>
<li><a href='/docs/configuration/securing/'>Security Check Points </a></li>
</ul>
</li>
<li>
Advanced Configuration
<ul>
<li><a href='/docs/configuration/remote/'>Remote access </a></li>
<li><a href='/docs/configuration/packages/'>Packages </a></li>
<li><a href='/docs/configuration/splitting_configuration/'>Splitting up the configuration </a></li>
<li><a class='active' href='/docs/configuration/secrets/'>Storing Secrets </a></li>
<li><a href='/docs/configuration/templating/'>Templating </a></li>
<li><a href='/docs/configuration/group_visibility/'>Group Visibility </a></li>
<li><a href='/docs/configuration/events/'>Events </a></li>
<li><a href='/docs/configuration/state_object/'>State Objects </a></li>
<li><a href='/docs/configuration/platform_options/'>Entity component platform options </a></li>
</ul>
</li>
<li>
<a href='/docs/automation/'>Automation </a>
<ul>
<li><a href='/docs/automation/examples/'>Examples </a></li>
<li><a href='/docs/automation/trigger/'>Triggers </a></li>
<li><a href='/docs/automation/condition/'>Conditions </a></li>
<li><a href='/docs/automation/action/'>Actions </a></li>
<li><a href='/docs/automation/templating/'>Templates </a></li>
</ul>
</li>
<li>
<a href='/docs/frontend/'>Frontend </a>
<ul>
<li><a href='/docs/frontend/mobile/'>Android/iOS Homescreen </a></li>
<li><a href='/docs/frontend/webserver/'>Web server fingerprint </a></li>
<li><a href='/docs/frontend/browsers/'>Browser Compatibility List </a></li>
</ul>
</li>
<li>
<a href='/docs/backend/'>Backend </a>
<ul>
<li><a href='/docs/backend/database/'>Database </a></li>
<li><a href='/docs/backend/updater/'>Updater </a></li>
<li><a href='/developers/api/'>API </a></li>
</ul>
</li>
<li>
<a href='/docs/scripts/'>Scripts </a>
<ul>
<li><a href='/docs/scripts/service-calls/'>Service Calls </a></li>
<li><a href='/docs/scripts/conditions/'>Conditions </a></li>
</ul>
</li>
<li>
<a href='/docs/tools/'>Tools and Helpers </a>
<ul>
<li><a href='/docs/tools/dev-tools/'>Developer Tools </a></li>
<li><a href='/docs/tools/hass/'>hass </a></li>
<li><a href='/docs/tools/scripts/'>Scripts </a></li>
</ul>
</li>
<li>
<a href='/docs/z-wave/'>Z-Wave </a>
<ul>
<li><a href='/docs/z-wave/controllers/'>Controllers </a></li>
<li><a href='/docs/z-wave/settings/'>Modifying Settings </a></li>
<li><a href='/docs/z-wave/device-specific/'>Device Specific </a></li>
</ul>
</li>
<li>
<a href='/docs/mqtt/'>MQTT </a>
<ul>
<li><a href='/docs/mqtt/broker/'>Broker </a></li>
<li><a href='/docs/mqtt/certificate/'>Certificate </a></li>
<li><a href='/docs/mqtt/discovery/'>Discovery </a></li>
<li><a href='/docs/mqtt/service/'>Publish service </a></li>
<li><a href='/docs/mqtt/birth_will/'>Birth and last will messages </a></li>
<li><a href='/docs/mqtt/testing/'>Testing your setup </a></li>
<li><a href='/docs/mqtt/logging/'>Logging </a></li>
<li><a href='/docs/mqtt/processing_json/'>Processing JSON </a></li>
</ul>
</li>
<li>
<a href='/docs/ecosystem/'>Ecosystem </a>
<ul>
<li>
<a href='/docs/autostart/'>Autostart </a>
<ul>
<li><a href='/docs/autostart/systemd/'>systemd (Linux) </a></li>
<li><a href='/docs/autostart/upstart/'>Upstart (Linux) </a></li>
<li><a href='/docs/autostart/init.d/'>init.d (Linux) </a></li>
<li><a href='/docs/autostart/macos/'>macOS </a></li>
<li><a href='/docs/autostart/synology/'>Synology NAS </a></li>
</ul>
</li>
<li>
<a href='/docs/ecosystem/appdaemon/'>AppDaemon </a>
<ul>
<li><a href='/docs/ecosystem/appdaemon/installation/'>Installation </a></li>
<li><a href='/docs/ecosystem/appdaemon/configuration/'>Configuration </a></li>
<li><a href='/docs/ecosystem/appdaemon/example_apps/'>Example Apps </a></li>
<li><a href='/docs/ecosystem/appdaemon/running/'>Running AppDaemon </a></li>
<li><a href='/docs/ecosystem/appdaemon/reboot/'>Starting AppDaemon at Reboot </a></li>
<li><a href='/docs/ecosystem/appdaemon/operation/'>Operation </a></li>
<li><a href='/docs/ecosystem/appdaemon/windows/'>AppDaemon on Windows </a></li>
<li><a href='/docs/ecosystem/appdaemon/updating/'>Updating AppDaemon </a></li>
<li><a href='/docs/ecosystem/appdaemon/tutorial/'>AppDaemon Tutorial </a></li>
<li><a href='/docs/ecosystem/appdaemon/api/'>AppDaemon API Reference </a></li>
</ul>
</li>
<li>
<a href='/docs/ecosystem/hadashboard/'>HADashboard </a>
<ul>
<li><a href='/docs/ecosystem/hadashboard/installation/'>Installation </a></li>
<li><a href='/docs/ecosystem/hadashboard/dash_config/'>Dashboard Configuration </a></li>
<li><a href='/docs/ecosystem/hadashboard/hapush/'>HAPush </a></li>
<li><a href='/docs/ecosystem/hadashboard/reboot/'>Reboot </a></li>
<li><a href='/docs/ecosystem/hadashboard/updating/'>Updating HADashboard </a></li>
</ul>
</li>
<li>
<a href='/docs/ecosystem/notebooks/'>Notebooks </a>
<ul>
<li><a href='/docs/ecosystem/notebooks/'>Introduction </a></li>
<li><a href='/docs/ecosystem/notebooks/installation/'>Installation </a></li>
<li><a href='/docs/ecosystem/notebooks/graph/'>Graph </a></li>
<li><a href='/docs/ecosystem/notebooks/api/'>Home Assistant API </a></li>
<li><a href='/docs/ecosystem/notebooks/database/'>Databsase </a></li>
<li><a href='/docs/ecosystem/notebooks/stats/'>Statistics </a></li>
</ul>
</li>
<li>
<a href='/docs/ecosystem/ios/notifications/'>iOS </a>
<ul>
<li><a href='/docs/ecosystem/ios/notifications/basic/'>Basic notifications </a></li>
<ul>
<li><a href='/docs/ecosystem/ios/notifications/sounds/'>Sounds </a></li>
<li><a href='/docs/ecosystem/ios/notifications/architecture/'>Architecture </a></li>
<li><a href='/docs/ecosystem/ios/notifications/privacy_security_rate_limits/'>Privacy, rate limiting and security </a></li>
</ul>
<li>Advanced notifications</li>
<ul>
<li><a href='/docs/ecosystem/ios/notifications/attachments/'>Attachments </a></li>
<li><a href='/docs/ecosystem/ios/notifications/content_extensions/'>Dynamic content </a></li>
<li><a href='/docs/ecosystem/ios/notifications/actions/'>Actionable notifications </a></li>
<li><a href='/docs/ecosystem/ios/notifications/requesting_location_updates/'>Requesting location updates </a></li>
</ul>
<li><a href='/docs/ecosystem/ios/location/'>Location Tracking </a></li>
<li><a href='/docs/ecosystem/ios/integration/'>Integration with other apps </a></li>
</ul>
</li>
<li>
Remote access
<ul>
<li><a href='/docs/ecosystem/apache/'>Apache </a></li>
<li><a href='/docs/ecosystem/nginx/'>NGINX </a></li>
<li><a href='/docs/ecosystem/tor/'>Tor Onion Service </a></li>
</ul>
</li>
<li>
Certificates
<ul>
<li><a href='/docs/ecosystem/certificates/tls_self_signed_certificate/'>Self-signed certificate </a></li>
<li><a href='/docs/ecosystem/certificates/tls_domain_certificate/'>Certificate domain owners </a></li>
</ul>
</li>
<li><a href='/docs/ecosystem/scenegen/'>scenegen </a></li>
<li><a href='/docs/ecosystem/synology/'>Synology </a></li>
<li><a href='/docs/ecosystem/backup/backup_github/'>Backup to GitHub </a></li>
<li><a href='/docs/ecosystem/hass-configurator/'>HASS Configurator </a></li>
</ul>
</ul>
</div>
</section>
</div>
</aside>
</div>
</div>
<footer>
<div class="grid-wrapper">
<div class="grid">
<div class="grid__item">
<div class="copyright">
<a rel="me" href='https://twitter.com/home_assistant'><i class="icon-twitter"></i></a>
<a rel="me" href='https://facebook.com/homeassistantio'><i class="icon-facebook"></i></a>
<a rel="me" href='https://plus.google.com/110560654828510104551'><i class="icon-google-plus"></i></a>
<a rel="me" href='https://github.com/home-assistant/home-assistant'><i class="icon-github"></i></a>
<div class="credit">
Contact us at <a href='mailto:hello@home-assistant.io'>hello@home-assistant.io</a>.<br>
Website powered by <a href='http://jekyllrb.com/'>Jekyll</a> and the <a href='https://github.com/coogie/oscailte'>Oscalite theme</a>.<br />
Hosted by <a href='https://pages.github.com/'>GitHub</a> and served by <a href='https://cloudflare.com'>CloudFlare</a>.
</div>
<a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by-nc-sa/4.0/88x31.png" /></a><br /><span xmlns:dct="http://purl.org/dc/terms/" property="dct:title">home-assistant.io</span> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/">Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License</a>.
</div>
</div>
</div>
</div>
</footer>
<script>
var _gaq=[['_setAccount','UA-57927901-1'],['_trackPageview']];
(function(d,t){var g=d.createElement(t),s=d.getElementsByTagName(t)[0];
g.src=('https:'==location.protocol?'//ssl':'//www')+'.google-analytics.com/ga.js';
s.parentNode.insertBefore(g,s)}(document,'script'));
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink