I am able to see secrets I've provided an application as arguments in my apps.yaml file. I specify the secrets in secrets.yaml and use !secret var_name in apps.yaml. However, I can still see the secret by navigating to the AppDaemon dashboard on port 5050 and viewing the app's arguments. The dashboard is accessible without a username or password on the local network. Please advise if there is a way to prevent this?
Clicking this discloses the secrets.
Version
4.4.2
Installation type
Home Assistant add-on
Relevant log output
No response
Relevant code in the app or config file that caused the issue
No response
Anything else?
No response
Hi there - the secrets mechanism is intended primarily as a way to facilitate passing around of config files without having them contain sensitive information of this nature.
By design, the APP parameters are visible in the dashboard; passing passwords as parameters is inherently insecure in any case, and there are better approaches.
AppDaemon doesn't give you any specific help here, but it has all of Python available to you. If I wanted to solve this issue, I would put the passwords in a file and read them from the app during initialize. If you wanted to lock that down further, you could manually encrypt the passwords using something like passlib.
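The approach suggested in the reply above (keep the password in a file and read it in `initialize`), as an added example that is not part of the original thread or AppDaemon's own code. The `secret_file` argument name, the KEY=VALUE file format, and the class and function names are assumptions made for illustration.

```python
import os
import stat

try:
    import appdaemon.plugins.hass.hassapi as hass
    AppBase = hass.Hass
except ImportError:  # lets the loader be exercised outside AppDaemon
    AppBase = object


def load_secret_file(path):
    """Parse KEY=VALUE lines from a file only its owner may access."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path} is not a regular file")
    # Refuse files that group or other users can read, write or execute.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is open to group/other; chmod 600 it")
    secrets = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue  # skip blanks and comments
            key, sep, value = line.partition("=")
            if not sep:
                # Do not echo the line: it may contain the secret itself.
                raise ValueError("malformed line in secret file")
            secrets[key.strip()] = value.strip()
    return secrets


class SecretFromFileApp(AppBase):
    """Hypothetical app: apps.yaml holds only `secret_file: <path>`,
    so the app's arguments contain a path rather than the secret."""

    def initialize(self):
        self._secrets = load_secret_file(self.args["secret_file"])
        # Log how many entries were loaded, never the values.
        self.log(f"loaded {len(self._secrets)} secret(s)")
```

The secret values live only in the app's private attribute, so they are not part of the arguments defined in apps.yaml.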