Secrets.yaml encryption

Encryption of secrets.yaml would be nice. I know: you have to secure your HA the best way possible, but it would be nice. Just for extra safety.


Native secrets encryption would be nice.

I have an alternative method that’s been working great using hashi vault. Secrets are stored in vault and injected into the container on container startup.
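A sketch of the "inject at container startup" step described in the post above, as an added example that is not the poster's own setup or Home Assistant code. It assumes the secrets have already been fetched and exported as environment variables with a hypothetical `HA_SECRET_` prefix; the function name and the `/config/secrets.yaml` path in the usage comment are likewise assumptions.

```shell
#!/bin/sh
# Added example: render secrets.yaml from the environment at container start.
# Assumption: each secret is already exported as HA_SECRET_<NAME> (hypothetical
# prefix) by whatever talks to the secret store; this only writes the file.

render_secrets() {
    out="$1"
    tmp="$out.tmp.$$"
    nl='
'
    old_umask=$(umask)
    umask 077                       # file is created 0600, never group/world readable
    : > "$tmp" || { umask "$old_umask"; return 1; }
    umask "$old_umask"
    count=0
    # Names are restricted to [A-Za-z0-9_], so the eval below cannot be abused.
    for name in $(env | sed -n 's/^\(HA_SECRET_[A-Za-z0-9_]*\)=.*/\1/p' | sort -u); do
        eval "value=\${$name}"
        case "$value" in
            *"$nl"*) rm -f "$tmp"; return 2 ;;   # refuse multi-line values
        esac
        key=$(printf '%s' "${name#HA_SECRET_}" | tr 'A-Z' 'a-z')
        # YAML single-quoted scalar: the only escape needed is ' -> ''
        escaped=$(printf '%s' "$value" | sed "s/'/''/g")
        printf "%s: '%s'\n" "$key" "$escaped" >> "$tmp"
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then     # nothing injected: fail instead of writing an empty file
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out"                # rename so a half-written file is never read
}

# Entrypoint usage (assumed path):
#   render_secrets /config/secrets.yaml && exec "$@"
```

Pointing the output at a tmpfs mount keeps the rendered file off persistent storage, though it is still readable by anything running as the same user inside the container.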

Just think about it – why do you want the encryption?

So that nobody besides you can see the passwords. That can [should] be solved by access control list [users, groups] – authorization mechanics – which are basically absent in HA [sad face].

What can secrets file encryption give? Nothing. HA needs to decrypt the file, so it needs to store the master password to other passwords somewhere.

If you put the master password in a file, you just made inception, my man.
If you put the master password in RAM, what happens after restart? You type the password?

Anyway, if HA “knows” the master password [by having it in hard or volatile memory], anybody with access to HA can therefore retrieve the master password. UNLESS, authorization again.