Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use secrets.yaml for API keys #1864

Open
gcoan opened this issue Jan 9, 2025 · 3 comments
Open

Use secrets.yaml for API keys #1864

gcoan opened this issue Jan 9, 2025 · 3 comments
Labels
enhancement New feature or request

Comments

@gcoan
Copy link
Collaborator

gcoan commented Jan 9, 2025

Is your feature request related to a problem? Please describe.
At present Predbat provides the ability to configure various keys within apps.yaml, e.g.:

  • HA API Key
  • Solcast API Key
  • GE Cloud API Key
  • Possibly others for other non-GivEnergy inverters, IDK

This is insecure because if the user shares their apps.yaml file or the predbat debug file - e.g. in a github issue - then these API keys are available to anyone who reads the github issue

Describe the solution you'd like
Predbat should use /config/secrets.yaml which is the HA standard way of configuring passwords and other sensitive information within HA and minimising them being shared (as secrets.yaml need normally never be shared)

Describe alternatives you've considered
Potentially could move these API Keys to HA controls so they are not inside apps.yaml, but doesn't seem a good solution

Provide an obfuscation/ removing of keys in the debug.yaml file when Predbat creates it - this solves the problem for the debug file but not apps.yaml

Have a separate predbat_secrets.yaml file - probably least-worst alternative. Would be better if we could use the standard secrets file though

@springfall2008 springfall2008 added the enhancement New feature or request label Jan 11, 2025
@springfall2008
Copy link
Owner

Good idea.

BTW: The predbat_debug.yaml does remove keys

@gcoan
Copy link
Collaborator Author

gcoan commented Jan 11, 2025

Good idea.

BTW: The predbat_debug.yaml does remove keys

thanks Trefor, it appears to keep my GE cloud key intact in the debug file 😬

@springfall2008
Copy link
Owner

Good idea.
BTW: The predbat_debug.yaml does remove keys

thanks Trefor, it appears to keep my GE cloud key intact in the debug file 😬

Okay that's a bug, let me check

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants