One major advantage of Home Assistant is that it is not dependent on cloud services. Even if you are only using Home Assistant on a local network, you should take steps to secure your instance.
Here’s the summary of what you must do to secure your Home Assistant system:
- Centralize sensitive data in secrets (but do remember to back them up)
  - Note: Storing secrets in `secrets.yaml` does not encrypt them.
- Regularly keep the system up to date
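
A check for the first item in the list above, as an added example rather than Home Assistant's own tooling: it flags credential-like keys in a configuration file whose value is written inline instead of as a `!secret` reference, and reports whether `secrets.yaml` is accessible to other users, which matters because the file is not encrypted. The key-name pattern and the sample configuration are assumptions constructed for illustration.

```python
import os
import re
import stat

# Key names treated as sensitive: an assumption for this example, extend as needed.
SENSITIVE = re.compile(r"(password|passwd|token|api_key|secret)", re.I)
# Matches "key: value" lines, including the first key of a list item ("- key: value").
ENTRY = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_]+)\s*:\s*(.*?)\s*$")

# Constructed sample; keys are illustrative, not a real integration schema.
SAMPLE_CONFIG = """\
http:
  api_password: !secret http_password
mqtt:
  username: homeassistant
  password: hunter2   # constructed value
notify:
  - platform: example
    api_key: "abc123"
"""


def inline_secrets(yaml_text):
    """Return (line_no, key) for sensitive keys whose value is written inline."""
    findings = []
    for no, raw in enumerate(yaml_text.splitlines(), 1):
        line = raw.split(" #", 1)[0]  # drop trailing comments
        if line.lstrip().startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        key, value = m.groups()
        # An empty value opens a nested mapping; "!secret name" is a reference.
        if SENSITIVE.search(key) and value and not value.startswith("!secret "):
            findings.append((no, key))
    return findings


def too_permissive(path):
    """True if group or others have any access to the file (POSIX mode bits)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    for no, key in inline_secrets(SAMPLE_CONFIG):
        print(f"line {no}: '{key}' is set inline; move it to secrets.yaml")
```
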
Another option is to use TLS/SSL via the add-on Duck DNS integrating Let’s Encrypt.
Besides the above we advise that you consider the following to improve security:
- For systems that use SSH, set `PermitRootLogin no` in your sshd configuration (usually `/etc/ssh/sshd_config`) and use SSH keys for authentication instead of passwords. This is particularly important if you enable remote access to your SSH services.
- Lock down the host following good practice guidance, for example: