Home Assistant
Service Credentials: Header Client ID / Secret #2495
Replies: 2 comments
-
|
There's a PR that might be useful but it was rejected: home-assistant/iOS#2596 A somewhat related security improvement (mTLS support like it already exists for the android app): https://github.com/orgs/home-assistant/discussions/1078 |
Beta Was this translation helpful? Give feedback.
-
|
I don't understand why it's rejected. It's a solid solution that can be turned on when you wanna use it. your HA is behind a solid service, with a solid way of working. And only that is needed are those headers. Team of HA will say: That you wanna access HA public that's ok, but with the security rules we create, not wanna lean on other GOOD working security options. Even when it's a manual turn on setting in the iOS App. Disappointed at the moment about HA after 6 years..... :( |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Describe the feature
I don’t know how many people have the same idea, but it would be nice to have a extra security option into the iOS App.
Service Credentials:
Header and client ID
Header and client secret
When this is enabled it iOS app I can (in my situation) create a policy in Clouflare Zero Trust to only allow access to my HA device only with my clientID en secret. Otherwise block the access.
This is an extra layer of security I wanna use with Cloudflare. I have more iOS apps that support this and its a great thing to use.
Use cases
Better security and the HA is not accessible when its behind Zero Trust with policies rules.
Examples
I use lot of iOS apps that support this. My endpoints are behind the Zero Trust and only accessible when the headers from Cloudflare are matching.
Anything else?
Hope this extra feature will make the iOS app and HA server (behind zero trust) even more secure.
Beta Was this translation helpful? Give feedback.
All reactions