My Goal: Set up MQTT to use client certificates, where the certificate files are pre-existing.
The problem: The current MQTT UI requires uploading the files, which are then stored in core.config_entries. When HA starts it writes those to /tmp/home-assistant-mqtt/ for the mqtt client to load. I don’t want that, since my certs are issued via cert-manager (or a local ACME instance).
Can I just mount those certificates into /tmp/home-assistant-mqtt/ or is that not going to work as I want? My guess is it would cause a crash but I haven’t tested it either.
Edit: Feature Request: Load MQTT certificates from files. · home-assistant · Discussion #1235 · GitHub (found after making this post)
This is pretty critical for using client TLS properly: certificates expire, and rotating certificates via manually copying files and using a UI is not good, to the point that it makes the feature unusable unless client certs are given extra long lifetimes.