hello quick question i am trying to use the keypad widget and would like to store some pins but i don’t want to have them exposed in plain in a string item and recall them in plain in the rules. how do you guys go about this ?
You might change your thread title to “Keying in PIN” or something more on topic, to attract more knowledgable answers.
Most keypad widgets send individual keystrokes to openHAB server, where a rule can assemble the PIN and deal with timeouts, retry lockouts, etc,
A rule can lookup PINs from a text file or similar, so they are not held in Item at all. (Anyone getting access to rule or file has already compromised your system.)
Ultimately, OH isn’t a security system so it doesn’t yet really have the concept of secrets. It’s slowly moving in that direction but it’s not there yet by any means.
So you really need to sit down and consider what you are trying to do and what threats you want to mitigate. If having them in plain text anywhere is a deal killer, you probably need to find/make some software outside of openHAB to process the pins. Though perhaps simple file permissions is sufficient. Maybe hard coding them into a rule would be enough.
You have to think through what sort of attacks you think are likely to occur and mitigate those most likely to occur. “Secure all the things!” rarely leads to effective security. So be deliberate.
hello guys well that is how i do it now openhab is fully secured behind the firewall no opened ports so no worry. No this is not a deal breaker to have them in plain but after reading the forums and a little bit the docs did not yield anything. So that is why the question maybe someone has already implemented something i know i saw something in the forums about a satel binding and encryption so i was wondering maybe i can stirr some interest. For now it will do. thanks again