UI to manage configuration.yaml and using hashed passwords in database

Hi everyone,

I am new to the HA community and I recently used HA for a uni project to create a smart home. Everyone liked the abilities of HA but thought it was lacking two main features: secure use of user information and the restriction of needing to be tech savvy to use it. I wanted to talk about the former. These were people who look at innovative research and technology on a daily basis, and they saw potential for HA as an alternative to expensive hardware that comes with expensive software. What we did for the demo is use HA’s RESTful API to build a new frontend that was secure, which made them a little more comfortable. Our next step is to give the user power to edit configuration.yaml, but without them needing to know any technical aspects. So we do a lot of work behind the scenes to give the user a little bit of power. We didn’t do much work, in case I gave the wrong impression, but it was a simple proof of concept to an audience who hadn’t seen it before (University Directors, architecture professors, etc.). Now to the actual discussion, hope you didn’t mind the tangent.

First: Hash Passwords
I found a ticket in the issue tracker about allowing hashed passwords (https://github.com/home-assistant/home-assistant/pull/1581) but I can’t really tell if it went anywhere. Has this gone anywhere? Either way, I feel that at some point HA will HAVE to use a more secure method of storing secrets that is integrated (not keyring, not plain text) to be a secure platform. I understand that maybe components need to be rewritten to handle not having immediate access to the secure information they need, but it would be useful to do one or more of the following:

A) Implement this feature if it’s been abandoned.
B) Make information about its current development easily accessible to track or contribute to its progress.
C) At least include it as part of some roadmap to know when this feature would be available and what other changes it will depend on.

Second: UI change
What I feel is missing is a UI that removes the technical aspect of editing configuration.yaml and leaves the user with the ability to manage device configuration from the GUI. I will actually be working on this for my uni project, but not on the HA frontend, but I digress. Home Assistant has a community around it already, but as I mentioned before, it isn’t really usable by non-tech savvy people. HA really could be used by less tech savvy people who want a free universal IoT dashboard.

Final Comment

Perhaps these are long term goals that may not really fit into the scope of tasks in the issue tracker as of now, but it would be really useful to know where they fit in with the future scope of HA. If this question belongs somewhere else, please point me to the correct place; reddit didn’t seem too active when I asked about hashed passwords.

If this is ongoing, please point me to the who and where, I am certainly interested in contributing.

1 Like

Secrets can now be stored outside of the configuration.yaml file. This includes support for an OS keyring. #1581 was superseded by that change.

I think that we can’t be more open and transparent than we already are. Every new feature, change, or contribution is handled with a public pull request. There is no development done in the dark.

There is no explicit roadmap available but the public tracker can give you some insight into what is going on.

Configuration UI is already covered

2 Likes

I wouldn’t consider myself especially tech savvy when it comes to IoT or Python programming, but I have become so from participating in the forums. I think that it’s more the personal responsibility of the user to learn than the program developers to ‘dumb down’ the interface. There are other projects that do that quite well, but I think HA caters to a different audience of users; those users that aren’t afraid to learn a few new things in order to tap into an environment that offers an extremely extensible platform. It’s very different than a platform like SmartThings. ST started out much like HA, but has become a more consumer friendly platform due to the influence of Samsung and the need to address things like profitability.

As far as openness and tracking, you really need to spend some time on GitHub. Not enough users do IMHO. Again, I am not a dev, but I spend time browsing on the repo DAILY, looking at pull requests to see what is coming up in terms of fixes and new features so that I can be prepared. I also spend time in the issues section so I can see if any issues I’m having are being fixed or reported and also so that I can do a better job answering questions here, which also takes up a fair bit of my time (check my user stats if you want an idea). This is how I contribute back for the value of all that I am getting from HA. I answer questions here and at reddit as well as making tutorials and sharing what I have learned.

In short, if you want to see some of the features you mentioned implemented, it is incumbent on you to become more involved; that’s how Open Source works and has always worked. HA is unique among the open source projects I have worked on in that the community here is extremely helpful, super accepting of new users and the higher level devs are more approachable and open than any other project I’ve ever been involved in. For example, the person who answered your questions is not only a high level dev contributing code, but also is responsible for blogging and this community website. I was deeply involved in the Joomla CMS community and even contributed some code that is still in use but I think I only spoke with a senior dev twice in the years I was there.

1 Like

Didn’t mean to imply that there was anything hidden! I was just saying that if these were being worked on and they were a priority, I definitely could not find them. However, your answer is satisfactory! I guess I’ll continue working on encrypting the API tokens and HA password for my own system then.

Also, the config editor is exactly what I was looking for :wink:

Thanks for your time :slight_smile:

I will resoundingly disagree with you on “it’s more the personal responsibility of the user to learn than the program developers to ‘dumb down’ the interface” in most cases. However, seeing as this is open source, you get what you put in. This is perhaps a difference between our philosophies and not for this platform, maybe I’ll see you on arguman :wink:

I do appreciate the feedback on open source projects, it’s a sign that HA has developed a good community! :slight_smile:

A UI to edit core config files brings with it a host of issues, not the least of which is security - something you yourself mentioned. If it was a feature that users really wanted overwhelmingly, it would have been created. HA users have voted on the subject in a few different threads and it isn’t a priority. Not my philosophy, it’s a group decision. If you feel otherwise, please feel free to contribute your code.

This code, like MANY other open source projects, was written by someone to address their own needs and then graciously shared with other like minded individuals who improved on it. If you feel that a super friendly consumer oriented UI is important to you, there are a few other projects you can look into like OpenHAB or SmartThings. Their goals are different.

Not sure what this is in reference to; you asked questions, I provided answers. I think it’s kind of a bold statement coming from someone who said “Hi, I’m new to HA. Now let me tell you which things are wrong with it.” Not really a great way to introduce yourself to a community.