Password to login to iCloud is in plaintext ?

[Napolitain]

We can agree that it is not a good practice, and despite that it seems like it is the method choosed here. Maybe can we use a better strategy ? How would you convince users that it is safe to use ?

[gcobb321]

I’m not sure what you are talking about. Please clarify. Sending the password in plain text is the only way to log into the iCloud account using the only Python interface available. If you know of another way, let me know and I’ll review it.

[Napolitain]

To configure iCloud3, we need to fill the configuration.yaml file with the plain text password, as shown here.

Instead, we should probably use secrets.yaml files as shown in the official documentations here : https://www.home-assistant.io/docs/configuration/secrets/

Adding it to your documentations would increase security by default for everyone setting up iCloud3 integration 🙂

[gcobb321]

The next release will be a true Integration that eliminates the yaml configuration file. The current plan is to encode the username and password in the file that stores the parameters inside the HA environment

[gcobb321]

The password is encrypted in the v3 configuration files and somewhat hidden on the configuration entry screens. in v3. I hope to release a beta in November.and will let you know when it is available