Yeah, you’re prob’ly right. I think it’s recognised that the automated configurations can’t do everything that HA is capable of.
I’ve spent 30 years learning C, LabVIEW, Python (and a few bespoke safety critical languages), so what’s another one? 
If by configuring you mean tapping on the configure button and checking the box for discovery and tapping OK then yeah… it still needs ‘configuring’
Yeah, it’s like that for a bunch of devices but for something like MQTT that needs you to enter a username/assword, or duckdns that needs a domain name, or letsencrypt or any number of other things that still require you to do some kind of configuration you still have to manually edit files somewhere.
No you don’t need to enter a username/password for MQTT. You do not need to do anything at all for the Mosquitto addon. It will then use a HA user - so in Tasmota, you configure that with a HA username and password. I did actually create a HA user for MQTT - not because I HAD to but to make it so I didn’t have to reconfigure all my switches. I just created a HA use with the MQTT username/password - but if you were starting out you would/could just use the HA user for Tasmota and then there is ZERO config for MQTT Integration or broker.
IMO the reason people get hung up with MQTT is because they make it way harder than it is by using out of date guides and configurations sprayed all over the internet. If they just followed the docs here instead they would be up and running in less than a minute.
1 Like
How does it know which HA user to use?
It doesn’t matter which HA user you use. It doesn’t care. But in Tasmota, you need to set the MQTT username and password by entering the HA username/password.
You can use ANY HA user for that.
But don’t you have to know which user it uses so that you know which username and password to set in your Tasmota devices? Does it tell you which user it is using?
I think you need to read what I said as I’ve said it multiple times but it’s not sinking in! It will work with ANY HA user. Set Tasmota to use ANY HA user.
So it sets every username/password that you have set up in HA as a possible username and password combination so it doesn’t matter which of those you use it will work with any of them.
That’s the part i was missing and/or that you didn’t make clear.
Thanks for explaining.
However, my point still stands that there are add-ons and/or integrations that you will HAVE TO enter some kind of configuration for. Maybe not this one but there has to be others.
Correct.
Yes but this thread is about MQTT integration and broker.
It’s hard to describe them as “out of date” guides when they’re hosted on the HA website. I think it must be possible to still use the “manual” way.
It’s been lie this with everything I’ve tried to do lately. Have you ever tried to do ANYTHING in Linux? Often the answer is “there’s loads of information about that on the internet” or “have you done xyz” where xyz is meaningless gobbldygook, too.
You can for sure still use the manual way…
I’m afraid I didn’t quite follow the “I made a HA username so I didn’t have to reconfigure my switches” thing.
I do understand that you can configure your switches to use any of the already existing HA usernames, as HA only uses the one authentication model, and I’ve also learned that you can use anonymous authentication.
My next hurdle is when I come to add something that’s NOT a Sonoff / Tasmota, without diving into configuration.yaml. We’ll see…
Now, I’m off to figure out how I can safely expose it to the internet by DDNS and switch on my outdoor lights from work.
Well I was using sonoff devices with the old config and already had a mqtt username and password. So when I switched to discovery I could have edited all my switches and used a HA username and password or, (what I did) was to create a new HA user using the mqtt username and password already set in tasmota.
since this is your thread and you brought it up… 
my recommendation is to start off the safest (but most reasonably easy) and use a VPN. no ddns required, the connection is encrypted and you can rely on more than a simple username/password combination by using authorized keys .
i went the duckdns/letsencrypt route until i realized that i was literally protected by a password (not even a username), then i went the NGINX route as “the next great thing” until i realized it had the same flaw. the HA started using a username/password/mfa/token system so it was better. but then i realized that it was so easy to use a VPN using a spare RPi i figured why not. Then I had the realization that my ASUS router had a VPN server built in! and i never looked back from there.
I get that DavidFW is saying that you don’t NEED to set up an MQTT username in HA, as HA shares the uname/pw database across the plugins internally, but I also understand finity’s question: how does IT (mosquitto) know which username to use? It must have to login to HA at some point.
Turns out my TP link also has VPN, but it calls it IPsec Tunnel. Great. Another learning curve.
Ah, shit. Scratch that. It looks like IPsec tunnel only works between two TP link routers…!
Actually it’s the other way around. HA logs in to the broker and subscribes/publishes as necessary. You only need to put in the user/password that the broker requires into your devices so they can log in. It seems in this case you could put any HA username/password in that you want into any device and it should theoretically work.
It would be an interesting test if someone (not me since I don’t use hassio) could set up a few different MQTT devices and point them to the same broker but using different HA usernames and passwords and see what happens.