My question is about .things and possibly .cfg and not .rules, please kindly point me to the right place to post it if this is not the right one, TIA
So I finally migrated my MQTT use from the old 1.-Binding to the newer one and everything appears to run smoothly, just one bit irritates me:
With the prior config I had the secrets like mqtt user, password, server in a file for themselves in services/mqtt.cfg. Nice for working with GitHub, one line in the .gitignore file and all the secrets stay at home.
But now it is all merged together in the .things file, I have a mqttConnections.things that looks like this:
Short answer is no. I’ve seen some discussion about a way to support secrets in OH but at this time the username and password have to be defined on the Thing.
But, you can define that Bridge thing in its own .things file and configure your .gitignore as appropriate.
Like Rich said, there is no option to separate secrets in their own include file (like HA does) and exclude them or otherwise secure them.
Besides excluding files, there is an - be it somewhat more involved - alternative option to use git-crypt to automatically encrypt/decrypt specified files or directories containing secrets when pushing/pulling to/from a Git server (like GitHub).
I would very much like to see this implemented as well. I have an Arduino set up via MQTT to report my garage door status to openHAB, and I have a separate secrets file in the Arduino project for MQTT credentials, as well as the Wi-Fi password. I would like to do the same in openHAB, not only for MQTT Things, but also my IP camera credentials.
Yes, with the idea that multiple people can add a bounty and draw attention to a feature with a reward. openHAB 3 is bringing more security features, just not sure what they will be.
I’ve solved this issue by using Maven and using maven-resources-plugin to filter the configuration files. This way, I can put my configuration files into GitHub and configure the sensitive information, like usernames, passwords, home locations, etc. into a separate maven profile, which can be configured in ~/.m2/settings.xml.
Another nice thing is that I can do an auto-deploy to my openHAB test environment, which is hooked into the maven lifecycle.
I’ve added my pom.xml as an attachment as an example. The idea is that the sources are placed under src/config and after executing ‘mvn package’ the configuration files, which now include the sensitive data, are written to target/config.
When you want to auto-deploy the configuration files to your openHAB server, you just have to execute ‘mvn deploy -P local,deploy-to-openhab’, where ‘local’ is the profile that’s configured in settings.xml which holds all the parameter values.
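The filtering setup described in the post above, as an added sketch that is not the poster's attached pom.xml: the project coordinates, the `mqtt.*` property names, the broker Thing id and the execution id are assumptions, and the auto-deploy profile is not shown.

```xml
<!-- pom.xml (added example; coordinates and property names are assumptions) -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example.home</groupId>
  <artifactId>openhab-config</artifactId>
  <version>1.0.0</version>
  <packaging>pom</packaging>

  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-resources-plugin</artifactId>
        <version>3.3.1</version>
        <executions>
          <execution>
            <id>filter-openhab-config</id>
            <phase>package</phase>
            <goals><goal>copy-resources</goal></goals>
            <configuration>
              <!-- Rendered files hold real credentials: keep target/ in .gitignore -->
              <outputDirectory>${project.build.directory}/config</outputDirectory>
              <resources>
                <resource>
                  <directory>src/config</directory>
                  <filtering>true</filtering>
                </resource>
              </resources>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>

<!-- src/config/things/mqttConnections.things (committed, placeholders only; constructed sample):
     Bridge mqtt:broker:home [ host="${mqtt.host}", username="${mqtt.user}", password="${mqtt.password}" ]
-->

<!-- ~/.m2/settings.xml (never committed): profile "local" supplies the values
<profile>
  <id>local</id>
  <properties>
    <mqtt.host>REPLACE_WITH_BROKER_HOST</mqtt.host>
    <mqtt.user>REPLACE_WITH_USER</mqtt.user>
    <mqtt.password>REPLACE_WITH_PASSWORD</mqtt.password>
  </properties>
</profile>
-->
```

A placeholder with no matching property is copied through unchanged, so searching target/config for a leftover `${` after ‘mvn package -P local’ catches a missing or misspelled profile value before the files reach the server.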