[openhabcloud] easy access to uuid and secret

Hi,
I was trying to record instructions on how to configure OH so that it allows using the Alexa service with a Loxone device through the binding, and I must say configuration of the cloud parameters comes out as the ‘most complicated’ part of the tutorial. They are not really hard for any technically experienced person, but what I want to say is that there is a gap between how the rest can now be configured entirely over the UI and this.

Here are my questions:

  • Is there today any other method of obtaining uuid and secret than by reading them from the filesystem?
  • Could they be presented in the openhabcloud binding configuration? Would that somehow impair the security of the system? I suppose when a user has access to the configuration of openHAB through the UI, it really does not change much to present this data as well.

Thank you
Pawel


Well, I would probably say that if you find opening a text file to be too challenging then you are going to have a hard time setting up and configuring OH in general. Home automation is hard and it does require a minimum of computer literacy to be successful. That isn’t to say you can’t get there from here, but browsing to and opening a file is really basic, and it is something you will have to know how to do again and again as you configure OH going forward.

There is not any way today that I know of to obtain the UUID and Secret except by reading them from the file system.

And yes, it would significantly weaken the security of the system if the Secret were presented in the UI. As it is now, when you enter the Secret into myopenhab.org, you have proven to the myopenhab.org servers that you own that instance of OH because the only way you could have gotten access to the Secret is through access to the file system on that machine. If it were presented in the UI, which has absolutely no user authentication or authorization built into it, all you have proven is that you have access to the network that your OH server is running on which is a much weaker assertion.

Furthermore, that Secret is the key to your entire home automation. With that Secret anyone can do anything you can on your OH instance including controlling lights, opening doors, or whatever you happen to have automated. You need to protect that Secret as carefully as you protect your front door’s physical keys or your WiFi password. At a minimum you should have to present a username and password before you can access the Secret. Since there is no way to do that in OH right now the only way to force that is to have you log into your server to read the file directly.