Hubitat + Pushover: the security solution


Wanted to share my thoughts on Hubitat security after using Hubitat for a few weeks.

At the end of the HSM tutorial video, Hubitat’s Joe proclaims that we can “bask in the glory of your securely protected home”.

Well… not quite yet, Joe… (or whatever the name is..) :wink:

First, let’s get professional monitoring out of the way here - I will limit this conversation to self-monitoring only. I will just say that self-monitoring is quite sufficient for many households in my opinion, and you could avoid false alarms and dispatch the police yourself with even better results, but I don’t want to have that debate here - big separate discussion.

Then, there is the obvious lack of battery and cellular backup. This is not unique to Hubitat, same problem with SmartThings and some others. However, based on my experience, even when those features are provided out of the box, they are often kind of finicky and limited. I would say that it’s a better long-term approach to set up your own UPS and cellular router regardless which hub you have. If you are doing it for the first time, it will be a hurdle to figure out (router w/SIM support, data SIM card, etc), but in the end it’s solvable in a straightforward way if you are a Hubitat kind of user with a DIY attitude. I also don’t want to go into detail on this here – big topic, separate thread.

I’m going to focus on the cloud component here, and how it matters for self-monitoring. Hubitat’s concept of fully local processing is very wise. They recognize that cloud processing is not necessary for home automation (in fact, detrimental), and not even necessary for most of security monitoring tasks. Hubitat gives you reliable local processing, AND avoids maintaining complex cloud infrastructure, a win-win on both sides. But, if reliable self-monitoring is the priority, there are exceptions that do require the cloud, and Hubitat’s position of not saving any data in the cloud results in a few shortcomings, specifically in situations where a home intruder disconnects or smashes the hub. Here are two big ones:

  • Notifications have to have guaranteed delivery via the cloud. If your phone is offline during a home intrusion (e.g. on an airplane), and the intruder gets to the hub, the cloud notification service has to ensure that your phone eventually gets all notifications that the hub dispatched before it gets busted…better late than never.
  • Sensor event history has to be available off-site. If you get an alarm notification, but the hub is offline by the time you see it, you cannot get to the sensor history (Hubitat dashboard is down when hub is down), so you will not be able to review motion sensors events to determine if this was a false alarm or the real thing. False alarm assessment is critical for self-monitoring, and the event history, especially the motion sensors history, is the key (unless, you have a separate cloud camera system to supplement Hubitat, but here I’m talking about Hubitat alone)

You could argue that SMS notifications are reliable because many carriers retry delivery for some time before giving up, but it’s carrier specific. Alternatively, you could set up a Google Voice number which persists SMS in the cloud. The bigger problem is the 10 SMS/day limit with Hubitat. Because notifications are also your solution to saving the sensor history. The workaround with Hubitat is to set up notifications on each security sensor event while you’re in the Away mode. Hubitat makes that really easy – just 2 custom alert rules in HSM, one for all contact and shock sensors, and the other for all motion sensors. But 10 SMS/day is not enough for this.

This is where Pushover comes to Hubitat’s rescue. Pushover is a cloud notification platform, and as such, your notifications are saved in the cloud until they are delivered to your device, and subsequently stored in the app. This way your sensor events are always delivered to you regardless of what happens to the hub afterwards. Between Hubitat and Pushover notification configurations (priorities, group delivery etc), there is lots of flexibility to set up Pushover as your notifier and event history collector. As a matter of fact, even when Hubitat releases a mobile app, I still plan to retain Pushover for all my notifications.

There might be other situations where cloud is required…I can’t think of any right now, and so far I’ve got all the essential self-monitoring functionality I need. The way I see it, for self-monitoring Hubitat+Pushover is a fully functional DIY security platform. Pushover is the Hubitat’s missing cloud component that fills the gap.

People say Hubitat is home automation, not security. It’s true that Hubitat security is not provided as turn-key (e.g. like in IRIS or Ring), but it’s all there out of the box (apart from a separate hurdle with cellular and a battery backup), and you don’t have to be a hardcore techie to set it up – if you have a DIY inclination and willing to walk through a number of screens as a one-time exercise, it’s quite straightforward and does not take a lot of time - assuming you know exactly what to do. That last part is where Hubitat should do a better job in their documentation – they should put up a better self-monitoring setup tutorial with all core security components tied together: HSM, keypads, and Pushover. Right now, the biggest time waste with Hubitat security is spending some hours browsing through their forums and docs to tie it all together, and it does not have to be that way. Once I knew what I had to do, it literally took me less than an hour to set up all my security parts and forget about it.

Anyway - I welcome your comments on the cloud aspects and security essential features.

…and with that, you can now bask in the glory of my guidance, while Joe will be indicting me to the Hubitat Hall of Fame for pointing him the way out from Hubitat insecurity confusion to the secure light of clarity…or whatever..:rofl:


I agree completely! In fact I got into home automation primarily to create a self monitored security solution since I was sick of paying for someone to "monitor" my alarm system. Hubitat combined with security cameras has been a great with outdoor motion detection and notifications I can verify who is outside my house before they break in a trip an alarm giving me even more advanced notice to alert the police. As you mentioned the only caveat is if I am somewhere with no service (ie airplane etc.) but I have it setup to notify a friend, neighbor or relative in those situations who can then check on my house.

Nice writeup for the new users.


Another vote for self monitor security. Been running it since 2015. Having some knowledge about professional alarm services, nearly 90% of all alarm calls dispatched turn out to be false alarms. In some areas the police bill you after two false alarms. This goes for both business and residential. Listening to police radio traffic clearly lets you know that when they get dispatch for an alarm drop, they aren't breaking their neck to get there. And if its a busy time alarm drops are lower priority. In the case of self monitoring if you have personal confirmation you home is experiencing a breaking calling the police (local dispatch, not 911) will save many minutes getting the call out on the radio. If the police believe there is an actual break in in progress they WILL give it more attention.

Bypassing the professional monitors can save at least five minutes in time they waste trying to call the owner first before calling the police. However, self monitoring isn't for everyone. Many people won't invest the time to build out a system like that so they just pay through the nose for slow crappy service. Its the way of the world.


Nice, good to know. You're confirming what I've suspected.

Let's move pro- vs. self- monitoring discussion to another thread. I want to focus on Hubitat features here, otherwise this thread will get out of hand quickly.

My point is, Hubitat+Pushover's got all you need for self-monitoring, although not all the features are evident upfront, and you need to spend some time setting it up.


virtu, I could continue this discussion from a philosophical perspective since I'm an InfoSec guy for 20 years, but you've hit the main points on the head. Nice post.


I totally agree. I just spent more hours than I wanted to just simply trying to figure out how to get my keypad to beep on a contact open event. It is buried under custom commands and motion. Who would have to look there? (thanks @ogiewon). I am still trying to figure out how make the two button press for panic work.

A security tutorial is definitely needed or at least document how to effectively setup and use the supported keypads. What is in the docs is woefully lacking.



There’s a couple of tasks for you;

  1. searching for “two button press for panic work.” I’ve seen it mentioned before and recall that some pads do not support it ! Even if they look like they should.
  2. write up a security implementation. I’m pretty sure the HE guys won’t stick their necks out for that one. Not being a US company. Too many lawyers :blush:


Yeah. Just finished the research on it. Apparently the dual police buttons on the Centralite version I have does nothing.

I hear you on the security implementation.

My gripe is the documentation on the keypads and Rule Manager. I should not have to beg for help on the forums and hope some kind user jumps in to help. If @ogiewon had not helped, I would still be grinding my teeth and pulling hair trying to get a farking beep out of my key pad.