MQTT Password File

Are we able to use a password file within the openhab system to store MQTT passwords for connection to MQTT brokers?

This would be instead of having the password stored as plain text inside the mqtt.conf file.

Overkill maybe. I understand access to my Pi is restricted by a password, I would just feel better if I didn’t have plain text passwords stored inside config files.

Maybe mosquitto itself doesn’t support authenticating in this manner.



Long term I would like to see some sort of central mechanism inside OH for all bindings to store passwords in an encrypted store. But that would be a huge job and lower priority task over some others taking place. In the mean time, as Dim indicates, the answer is no. We must either configure the broker to not require password to log in or have the password in plain text in the cfg files.

To mitigate this, assuming you have Mosquitto running on the same host as OH, you can configure a listener in Mosquitto that does not require a password and only allow connections to that listener from localhost. You could go one step further and set up the host based firewall to prevent any other computer connecting to that port. This lets you eliminate the password from the text file but would only let software running on the same machine to connect to it without a password.

Whatever you do, do not change password for Mosquitto broker, like I did.
See here: OH2.2 MQTT binding can't be used after changing password for Mosquitto broker

1 Like

My broker works fine, it was just a wondering really.

Another smal issuel, in my config I have my broker set up with ‘openhab’ as the broker name, all other brokers commented out (#ed). When openhab starts it tries to connect to a ‘mosquitto’ broker, even though there is no broker with that name.

Do I have to have the original broker (the mosquitto definition that is in the config file to begin with) enabled also?

Thanks Rich, that cured it.

It’s so nice to view the log and not see any red lines.