Just another security housekeeping, secrets for integration via GUI are stored in config/.storage/core.config_entries in clear and not secrets.yaml file. Is there a way to point it to secret file, I have tried changing the entry but HA fails to start.
If this is a missing feature, it is a critical one and needs to be addressed. Happy to raise it as a feature request if it is missing.
The purpose of the secrets file is simply to make posting your config online (Github or this forum etc.) easier because you won’t accidentally post personal info. The file is in no way protected / encrypted or hidden from prying eyes relative to any other files on your HA server. Are you really likely to post the contents of your core.config_entries file online?
I’m pushing all of it to GitHub (Private) except (secrets, db, log), I will be moving the secrets file to a vault and present it in run-time (not sure if HA will like it though) Whole idea is GUI based integrations should come alive on rebuilds. Hope it makes sense, Being in security space I kinda like the security hygiene over convenience