It’s so often misinterpreted by devs in general to justify pushing POC to production… I can see it in many companies (incl. one I work for).
Don’t ask me why. You as Agile specialist probably knows its genesis.
However, I’m pretty confident, that what happened here, is not an accident. IMO it’s planned to be forced because of some non-communicated interest. I cannot believe it’s because of a lack of education or imagination. It also applies to Madelena’s questions. I feel so abused by them…
in addition to the backup system of version 2024.12 (how can we force local encryption in the new release, we are able to personally manage our backups!!) I make a monthly clone of my ssd attached to the rpi 4 via the windows balena program. it works like a charm
I don’t think they need your work as an apologist.
They haven’t even acknowledged the biggest gaps.
I think you are pretty close here… As I pointed out previously, even more concerning than forced encryption is the abandonment of encryption keys of your own choosing. From now on you have to trust the operating system that the encryption key stays on your local installation, otherwise the door to decrypting cloud-data will be wide open…
I wouldn’t be surprised by a 2025.1.2
Here’s a nice backup situation summary I saw on Discord:
We have custom encryption, that:
- is enforced
- has no decryption tool
- has security issues (nonrandom IV)
- has file format issues (gets random broken due to padding, known for 2 years)
- is turned off, when it is the most critical (before update)
I love this, and echo your comments and support for the likes of tom_l and ShadowFist.
I’ve been following this since the beta, and have read every comment in this thread and the other related ones on the forum, PRs etc. Until a few moments ago, this just felt like another situation like the badges update - a big change that wasn’t well received, created a lot of noise, then things eventually settled down and we moved on.
But this feels different. I cannot remember seeing so many liked comments, replies and support, and it seems the mood is shifting from confusion/annoyance/anger to defeat. I know in the grand scheme of things that the sum of all of these likes and replies would still represent a minority in the total HA userbase, but surely it has to be indicative?
We’ve seen two formal responses from the HA team. Neither of which really said “we hear you, we might have got this wrong, let’s see what we can do”. Instead, we got a “why do you need this?” even though the feedback in the beta provided all of this, and a “you can unencrypt the encrypted backups in the application that might unavailable for the very reason that you’re trying to access your encrypted backup”.
I get that they might be reluctant to create a precedent and demonstrate that given enough noise, the community can force a change, but I have never seen this community so alienated.
Even if the HA team was to announce today that backups before updates and unencrypted-by-default local backups would return in the next release, I fear the damage has already been done - we’ve seen amazing mods and contributors start to question their future in the project and the HA team is going to have to work very hard to put this right.
We know HA is used by high profile individuals in the media. How long until LTT or The Verge runs a piece on this? That in itself could undo the amazing work that the HA team has done in recent years to promote this project.
I now find myself at the bargaining stage: HA team - please listen to your community. Enforced encryption for cloud backups are a must, but please let us chose whether or not encrypt when backing up to our trusted local sites. Also, please bring back the option to backup before installing updates.
My gut feeling is the same. But this would be self-inflicted if they (and yes I’m back in they and we) react and wait until there is a blind alley in the way you are mentioning.
Am I missing something here?
In 2025.1 does Settings → System → Backups encrypt the local backup file?
Thank you NC the HA team & community for your past, current & future work. It is quite amazing.
I too would like the choice to Not-encrypt or to encrypt At Will please.
I would also like the “pre-update backup” toggle to return please.
It would be very useful to enable multiple scheduled backups with or without encryption for each scheduled event for when and wherever is chosen. Local, LAN, Cloud, Carrier pigeon, Swappable removable drives etc…
How often: 1 - 2 weeks, activity dependant.
What for: Management or files & to cut paste; thus far 
…
Restoration: Non so far; but only been using HA for around 18 months or so.
On another note: HACS disappeared completely from my RPI3 Core install, I re-installed it. The only other casualty is local zigbee eWelink TH01 disappearing, I had the hammer of fixing in mind when re-configure didn’t work, but removing & adding worked.
TTFN.
How about this?
Complete encrypted backups - necessary because I do not want any credentials stored unencrypted anywhere,
and a second backup type that has a lot of data stripped out - logs, history and credentials that might be useful when I need to repair a script or broken config.
For a while I was considering signing up for NC to support the team. The way this has been handled has made me reconsider this.
I’d venture a guess that this system is designed to encourage people to use the great features provided by NC which is understandable and reasonable, however the implementation has caused people to go the other direction. More importantly than the implementation has been the communication or lack thereof.
There has been clear communication on the community’s side. It is unreasonable to ask for something clear on your end Nabu Casa? I get the burden of leadership. Mistakes happen, they are growing pains, leaders recognize them, own them, and move forward together.
The community is what makes Home Assistant. I suggest that without it, it would not be the awesome platform that it is today. Can you imagine HA without the community? I can’t.
It’s tempting to think it’s ok to make decisions like these behind closed doors and stand firm when they’re rejected, however it’s alienating and divisive. This is not dividing to the community. The community’s unity is fairly clear. This is perpetuating a rift between Nabu Casa and the community.
(If you’re interested in one person’s opinion of a path forward, start with sharing the reasons why this isn’t a straight forward pivot, and discuss what it would take to meet the major requests (unencrypted local backups, and restoring the update toggles)).
Perhaps you don’t care. I hope that you decide to show us otherwise.
OMG, our last resort is gone !
Even after this complete debacle, they still did it ?
Silence from the team on all these backup complaints. I simply don’t get why and there are still no unencrypted option for backup when reading 2025.1.1 notes.
Encryption can be understandable if its for backing up to the cloud. But when storing backup’s locally it should be perfectly fine and possible to do this. Had it been in kindergarten, perhaps…
I have just updated to 2025.1.1. As already known, there was no request to make a backup before start (I did this manually, of course). Thank you for the great development. If the development continues like this, the name should be checked again. Home → fits / Assistant → I’m not sure 
what about creating backups unencrypted locally every time, then crypt them only for the sake of uploading to the cloud?
Viruses are quite good at finding and exfiltrating credentials.
You know that the credentials are stored unencrypted on HA system (e.g. .storage>core.config_entries)? Where do you see the difference/reason to have to backup e.g. on the same system as local backup encrypted?
Your creds on HA are NOT stored encrypted. The minute someone has access to your HA box. They OWN it. They won’t go for the backup they’ll open a secrets file. There is no additional value to securing the backup if it’s never moved. If it needs to move off premises then best practice says it should be in a secured envelope (digital, physical or otherwise) but on my server it’s redundant and dangerous if I cannot access the file unfettered.