I am concerned with my Rinnai login credentials sitting in plain text on the Homebridge config file. Is it possible that they can be point in time encrypted/decrypted? This is how most network vendors handle this problem (passwords in text config files).
While this is absolutely a valid request, I'd like to point out a couple of things.
The Rinnai API is not in anyway secured...so anyone with your email address and IP address can control your water heater. This is a huge vulnerability that I can't believe that they haven't addressed. This plugin, however, enforces authentication before allowing control.
A would-be attacker would have to have access to your local network to see this information. If they have this, they can already control your devices and/or modify your Homebridge config.
I am concerned with my Rinnai login credentials sitting in plain text on the Homebridge config file. Is it possible that they can be point in time encrypted/decrypted? This is how most network vendors handle this problem (passwords in text config files).