Encrypt/Decrypt App Preferences

jmpierce · May 25, 2020, 3:16pm

So I have what I hope is an easy question (I'm new to HE). I'm working on an app that requires me to store a user-provided username and password for a third-party service. For obvious reasons, I'd like to encrypt the password so it's not stored as plain text.

Using the encrypt/decrypt methods are easy enough, but what is the best approach for transforming data values before/after storage? As an example, I can encrypt the password in the installed() or updated() methods and decrypt it for any web service calls it's used in. But how would I decrypt it when the value is placed back in the HTML form field for when the user updates their preferences?

Any suggestions or guidance is appreciated!

djgutheinz · May 25, 2020, 3:19pm

Use the data type password for password. Example app entry below:

	section("<b>Enter Kasa Account Credentials</b>") {
		input ("userName", "text",
			   title: "TP-Link Kasa Account E-Mail",
			   submitOnChange: true)
		input ("userPassword", "password",
			   title: "TP-Link Kasa Account Password",
			   submitOnChange: true)
	}

jmpierce · May 25, 2020, 3:23pm

Yep, I'm already using the password form field type. So that value is automatically encrypted when stored in the HE database?

djgutheinz · May 25, 2020, 4:06pm

I believe that is the case. I know for certain it is not displayed.

@mike.maxwell - can you confirm that data type "password" is encrypted within the Hubitat database?

Dave

mike.maxwell · May 25, 2020, 4:32pm

Contents of a password field are not encrypted.

jmpierce · May 25, 2020, 6:32pm

Yeah, I didn't think the field was encrypted by default. So back to my original question: Are there any best practices for transforming user-provided preferences pre/post storage?

mike.maxwell · May 25, 2020, 9:10pm

I don't think most folks worry about it, but if you wanted to be super secure use the password field, copy that to an encrypted state var then clear the preference, all in the updated method.

jmpierce · May 25, 2020, 9:43pm

That's basically what I was doing, but it forces the user to re-enter their password every time they update the preferences. Let me boil my question down a bit more: Is there any way to set a value on an input field? For instance, if the field were generated via HTML template, I could do something like this:

<input type="password" id="field_id" value="${password_variable}" />

Where "password_variable" would have had its contents decrypted prior to displaying the form field.

And to your point of most folks not worrying about it, I would counter that most wouldn't even give it a second thought until they're subjected to an account being compromised. But by then it would be too late, which is why it's important for developers to enforce best practices; Such as always encrypting resting passwords.

Perhaps this is something the HE team could consider as a feature request: Add a flag to allow field contents to be encrypted in the database.

Anyhow, thank you for the responses.

mike.maxwell · May 26, 2020, 2:08pm

don't update the password if the password field is null or "" (whichever of the two works in this case)