GPG secret encryption

[thekoma]

Encryption of secrets.yaml

Is your feature request related to a problem? Please describe.
I'd really like to keep track of my passwords in a secure way.

Describe the solution you'd like
GPG encryption would be a good way to cypher the secret without risk of exposing them

Describe alternatives you've considered
I've also thought about vault them with ansible.
But a GPG encryption is much more harder to get into.

Additional context
Encrypt with GPG is pretty secure as is possible to keep the public key into the program and the private in a inaccessible wallet somewhere.

If this idea makes sense for you i could try working on it.

[Poeschl]

I guess you are targeting my git-exporter addon with that idea. Am I right?

First 😁 :
I wouldn't recommend to push any password in an public space in the first place (encrypted or not). The encryption might be strong and secure now, but nobody can tell what the future brings us. If its an git space at a not self-hosted provider or an pseudo-safe space encryption is the key to keep the providers eyes out.

So the encryption would be mutal to the git-secrets check. So the secrets.yaml content will be encrypted and pushed. Sounds good to me. Maybe one thing, since I think its not something a simple HA user will be use 😅, it should not add too much complexity in the config.

Happy to receive your PR

[thekoma]

Yeah I would never push the repo in public.
The idea is to keep the secret into the repo to keep track of the version but at the same time not expose the password even if in a private repo.