With a view to my Home Assistant going online directly rather than via Nabu Casa, I’m interested in understanding it better from a security point of view.
- Why is secrets.yaml any more secure that having the same password and other sensitive information in configuration.yaml? Other than that we are less likely to share secrets accidentally while diagnosing issues or otherwise sharing the latter. Nothing in the instructions makes secrets.yaml any less observable (different rights, folder location, …).
- Should such sensitive information not be encrypted, both at rest and in transit?
- How are configured secrets secured better/differently to yaml secrets?