Probably the simplest implementation would be to add either traefik or nginx as a tiny reverse-proxy in front of frigate in the docker-compose.yml with a basic user:pass pair, and then have port 80 exposed there, punching through to port 5000 on frigate.
The frigate instance could expose port 5000 only to the traefik/nginx container, then.
Haven't looked into Home Assistant support for this—hopefully whatever connector there is, it supports HTTP basic auth.
It looks like Frigate intentionally doesn't provide any authentication method (see: https://github.com/blakeblackshear/frigate/issues/1074).
Probably the simplest implementation would be to add either traefik or nginx as a tiny reverse-proxy in front of frigate in the docker-compose.yml with a basic user:pass pair, and then have port 80 exposed there, punching through to port 5000 on frigate.
The frigate instance could expose port 5000 only to the traefik/nginx container, then.
Haven't looked into Home Assistant support for this—hopefully whatever connector there is, it supports HTTP basic auth.
For traefik, see: https://github.com/blakeblackshear/frigate/issues/1726#issuecomment-951064937
And the official docs mention Apache2/Nginx configs (but don't suggest how to implement them through Docker/Compose easily.