Password Storage Options/Concerns

My HA build is coming along nicely. Some hiccups here and there that I wish I could fix but have not risen to the level of I need to fix it right now though my HVAC slider issue is becoming a thorn in my side.

That all said, I have some concerns I am about passwords within HA that I hope someone will hear and perhaps point me in the right direction before I get too far along in all this.

I do have secrets.yaml set up. I posted not terribly long ago about where I could store that and still make use of it and I don’t think it got any replies. I am probably overly concerned about all this but nonetheless, my philosophy is lay the foundation well and everything built upon it will be good as well. I know the documentation says you can use a keyring to store passwords, but I believe it also says if you use the Python keyring, you loose the ability to autostart HA. So what good is that? And, what other options are there?

I don’t have any immediate plans to put my configurations on GitHub but I would still like to learn what I can do to protect my passwords. Locating them in a ‘secret.yaml’ file seems a bit risky as everything is in that one file, get a hold of it and it’s off to the races. Are there any ways within HA to encrypt the file? Can the passwords be put into a database or something like that and still be referenced by HA.

I am adding IP cameras to my set up now and that seems even worse because if you make API calls I ‘think’ you have to expose your login details in the URL, but I reserve the right to be wrong on that one.

At any rate, just wanting to start a conversation on this and perhaps explore options available.

If you use https, the URL is encrypted by the TCP layer, so this should not be a worry.

Who do think is going to have access to your secrets.yaml file?

An alternative to using secrets.yaml;