tijsverkoyen / HomeAssistant-FusionSolar

Integrate FusionSolar into your Home Assistant.
MIT License

User/pass is output to log file. #153

Closed JohnMcLear closed 4 months ago

JohnMcLear commented 4 months ago
2024-02-25 11:56:33.595 DEBUG (MainThread) [custom_components.fusion_solar.config_flow] async_step_openapi: {'host': 'https://eu5.fusionsolar.huawei.com', 'username': 'exampleusername', 'password': 'examplepassword'}

For security reasons you don't want to output user/passwords to log files.

tijsverkoyen commented 4 months ago

This is only logged in debug mode. Also: the password is stored in clear text in Home Assistant, as there is no way to encrypt this (as far as I know).

JohnMcLear commented 4 months ago

I'm 80% sure HA has a method for ensuring passwords are omitted from plugin debug logs but maybe that's core only as I can't see it after 1 minute searching online.

Can we at least leave this open, as lots of the time plugin devs will say "send me your log file" and by default HA will spit out every plugin within scope's logs, and this will include user/pass for third-party services, i.e. FusionSolar.

Is it worth not trying to catch the error output from the auth attempt/request? That way user/pass won't be logged.

A quick Google for references:

tijsverkoyen commented 4 months ago

If I check the links, there is no solution to redact content from the logs. Feel free to create a PR that removes https://github.com/tijsverkoyen/HomeAssistant-FusionSolar/blob/master/custom_components/fusion_solar/config_flow.py#L79

I never ask people to share their credentials on GitHub itself, and I also remove credentials if I see them being posted here.

tijsverkoyen commented 4 months ago

I have removed the debug logging. See https://github.com/tijsverkoyen/HomeAssistant-FusionSolar/commit/cdc720db3cc008591f2fe303380b6f41b4b86f45. Will be included in the next release.
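
For reference, one way to keep a debug line like the one in this issue while masking the credentials, as an added example that is not part of the thread or the integration's code: a standard-library `logging.Filter` attached to a handler. The logger name, `redact`, `RedactingFilter` and `demo` are hypothetical, the input dict is constructed from the log line quoted above, and the filter only helps when the dict is passed as a logging argument rather than pre-formatted into the message string.

```python
import io
import logging
from collections.abc import Mapping

# Key names taken from the log line in the issue; extend for other integrations.
SENSITIVE_KEYS = frozenset({"username", "password"})
REDACTED = "**REDACTED**"


def redact(value):
    """Return a copy of value with sensitive mapping entries masked (input is not mutated)."""
    if isinstance(value, Mapping):
        return {k: REDACTED if str(k).lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, tuple):
        return tuple(redact(v) for v in value)
    return value


class RedactingFilter(logging.Filter):
    """Mask sensitive keys in a record's arguments before the message is formatted."""

    def filter(self, record):
        # logging unwraps a single dict argument, so record.args may be a Mapping.
        if isinstance(record.args, (Mapping, tuple)):
            record.args = redact(record.args)
        return True


def demo():
    """Log constructed config-flow input through a redacting handler; return the emitted line."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())  # on the handler, so child loggers are covered too
    log = logging.getLogger("example.config_flow")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    user_input = {"host": "https://eu5.fusionsolar.huawei.com",
                  "username": "exampleusername", "password": "examplepassword"}
    log.debug("async_step_openapi: %s", user_input)  # dict passed as an argument
    log.removeHandler(handler)
    return stream.getvalue().strip()


if __name__ == "__main__":
    print(demo())
```

A filter attached to a logger applies only to records created on that exact logger, which is why the example attaches it to the handler.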