Store password as hash in .env

mtrossbach / noah-mqtt

A tool for integrating Growatt Noah 2000 home batteries with Home Assistant via MQTT, enabling real-time monitoring and control of your energy storage system.

Apache License 2.0

41 stars 2 forks source link

Store password as hash in .env #35

Open Syr0 opened 1 month ago

Syr0 commented 1 month ago

Storing the password as plain is horrible.

syngron commented 1 month ago

I just removed the hashPassword function in this line and used the hash directly as password: https://github.com/mtrossbach/noah-mqtt/blob/main/internal/growatt/client.go#L42

mtrossbach commented 1 month ago

While using the hashed password works in specific cases, it's not a sustainable solution for all users due to the complexities of Growatt's password hashing. Their non-standard and region-specific algorithm makes it difficult for most users to maintain them correctly if Growatt decides to change it (again).

Providing a way for users to hash their passwords would be ideal, but requires further investigation into Growatt's hashing methods for each region and API version.