homepage: read HA token from env var; stop committing it in plaintext
services.yaml now references key: "{{HOMEPAGE_VAR_HASS_TOKEN}}" instead of
the inline long-lived HA JWT (which was exposed in this public-fronted repo
and has been rotated + revoked). Secret now lives only in observability/.env
(untracked, mode 600). Add .gitignore for .env/secrets so this can't recur.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
+13
@@ -0,0 +1,13 @@
|
|||||||
|
# Secrets / credentials — never commit
|
||||||
|
.env
|
||||||
|
.env.*
|
||||||
|
*.env
|
||||||
|
secrets.yaml
|
||||||
|
secrets.yml
|
||||||
|
secrets.*.yaml
|
||||||
|
*.key
|
||||||
|
*.pem
|
||||||
|
*.crt
|
||||||
|
credentials
|
||||||
|
*credentials*
|
||||||
|
*.secret
|
||||||
@@ -200,7 +200,7 @@
|
|||||||
widget:
|
widget:
|
||||||
type: homeassistant
|
type: homeassistant
|
||||||
url: http://192.168.99.100:8123
|
url: http://192.168.99.100:8123
|
||||||
key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1MmRhODYzMzFkMDI0NzhiODcxYzhjYjE4MGNhMWEwMCIsImlhdCI6MTc3MDYwODA3MCwiZXhwIjoyMDg1OTY4MDcwfQ.Nwq2auBILpZXsZI1g7mbE8JIBa5XrUwo599oEVCp2QQ
|
key: "{{HOMEPAGE_VAR_HASS_TOKEN}}"
|
||||||
fields: ["sensor.processor_use", "binary_sensor.update_available"]
|
fields: ["sensor.processor_use", "binary_sensor.update_available"]
|
||||||
|
|
||||||
- Cloud & Storage:
|
- Cloud & Storage:
|
||||||
|
|||||||
Reference in New Issue
Block a user