To use that same logic, if somebody “gets access to your HA instance” they’ll have control over a whole lot more than port forwarding (secrets.yaml contains tokens/keys to a lot of things). If anybody is upvoting this, and wants an immediate workaround, drop on by this thread and you’ll see what I’m doing for this