Skip to content

Commit 6680c0d

Browse files
justin8Landrash
authored andcommitted
Add documentation on using credstash as a secret store (home-assistant#2988)
1 parent fda6aa2 commit 6680c0d

File tree

1 file changed

+23
-0
lines changed

1 file changed

+23
-0
lines changed

source/_docs/configuration/secrets.markdown

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,3 +89,26 @@ Please enter password for encrypted keyring:
8989
<p class='note warning'>
9090
If you are using the Python Keyring, [autostarting](/getting-started/autostart/) of Home Assistant will no longer work.
9191
</p>
92+
93+
### {% linkable_title Storing passwords in a keyring managed by your OS %}
94+
95+
Using [Credstash](https://github.com/fugue/credstash) is an alternative way to `secrets.yaml`. They can be managed from the command line via the credstash script.
96+
97+
Before using credstash, you need to set up AWS credentials either via the `aws` command line tool, or using environment variables as explained in the [AWS CLI docs](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) as well as creating a KMS key named 'credstash' as explained in the [credstash readme](https://github.com/fugue/credstash#setting-up-kms). After that is complete, you can use the provided script to add secrets to your Home Assistant secret store in credstash
98+
99+
```bash
100+
$ hass --script credstash --help
101+
```
102+
103+
To store a password in credstash, replace your password or API key with `!secret` and an identifier in `configuration.yaml` file.
104+
105+
```yaml
106+
http:
107+
api_password: !secret http_password
108+
```
109+
110+
Create an entry in your credstash store.
111+
112+
```bash
113+
$ hass --script credstash set http_password
114+
```

0 commit comments

Comments
 (0)