Secure way to open HA to the internet? How to protect secrets.yml file?

Hey people,
After playing a little bit with my installation, I realise that to do a proper integration with IFTTT and Google, I have to open my HA installation so they can post information and trigger automations.

Since my secrets file has so many passwords in plain text, like my Spotify account and other important passwords, how are you protecting your installation?

Just to give an example: in the past, WordPress installations (blogs) had bugs that allowed people from the blog to access system files; with this, it was easy to read file contents. Also with WordPress, there was a version where there was a bug with the login system.

What I am saying is, if there is a bug inside HA, all of secrets.yml will be exposed. I am not talking about exposing a simple blog, but about exposing multiple services at the same time.

Can you share a little bit about what you are doing about it? Or is the way that we have to accept it and move on?

I haven’t tried this myself, but since Nabu Casa (HA Cloud) now works with webhooks I don’t think you will have to expose your HA to use IFTTT.
You should be able to send a webhook from IFTTT and use the Nabu Casa link to trigger something in HA.
If you don’t use Nabu Casa then… well you’ll have to expose your HA :wink:

https://www.nabucasa.com/config/webhooks/

I am not sure what the attraction is for IFTTT.

When I tried it, I was lucky to get a response hours later unless I manually triggered the recipe to check. I verified HA was sending the webhook. IFTTT was not listening :frowning:

The camera that I have here (myspotcam) only connects via IFTTT :frowning:
