A better way to store Tasker credentials
I do Tasker tutorials, I also share the files for you to download. This means I have to be very careful what information I share with you guys. I don’t want my personal keys, passwords and IP addresses to be available online. I spoke about the most important Tasker variable before, and this time I will show you how to store and authenticate your Tasker profiles properly.
The idea is pretty simple. I want to have a single file stored on Google Drive which will contain all the security information. The file’s URL will be shared with Tasker – which will handle the credentials. Some of you will shout at me for making the file shareable through the link, but the chances of actually finding this file just by the link are pretty slim. If you have RaspberryPi and NodeRED you can serve this JSON file from your own server (tutorial here something that I will do personally) with increased security (providing your NodeRED is secure).
Creating JSON file for Tasker credentials
For an easy access, I’m storing the values as JSON file. This way I can quickly access it with AutoTools JSON Read action. The file has the following structure:
{ "NodeRED_IP": "192.168.1.183:1880", "HomeDNS": "DNS.ddns.net", "MQTT_user": "MQTTuser", "MQTT_pass": "MQTTpass", "HTTP_user": "HTTPuser", "HTTP_pass": "HTTPpass" }
Simply save this (edited to your liking) as credentials.txt and upload it to your Google Drive. Enable sharing by link and copy the URL. Pay attention to the URL as I need to change the way it has been constructed.
https://drive.google.com/uc?authuser=0&id=XXXXXXXXXXXX&export=download
Grab the file ID from your URL and enter it instead of the XXXXXXXXXXXX above. Now you have an HTTP Get ready URL for Tasker
Tasker credentials profile
[tabs tab1=”TASKER PROFILE: Set Credentials On Boot”] [tab id=1]
Profile: Set Credentials On Boot Event: Device Boot Enter: Set Credentials A1: Variable Set [ Name:%fileid To:XXXXXXXXXXXXXXXXXX Recurse Variables:Off Do Maths:Off Append:Off ] A2: HTTP Get [ Server:Port:https://drive.google.com/uc?authuser=0&id=%fileid&export=download Path: Attributes: Cookies: User Agent: Timeout:10 Mime Type:text/* Output File:Download/credentials.txt Trust Any Certificate:Off ] A3: AutoTools Json Read [ Configuration:Input Format: Json Simple Mode: true Json: /storage/emulated/0/Download/credentials.txt Fields: NodeRED_IP,HomeDNS,MQTT_user,MQTT_pass,HTTP_user,HTTP_pass Separator: , Timeout (Seconds):60 ] A4: Delete File [ File:Download/credentials.txt Shred Level:0 Use Root:Off ] A5: Variable Set [ Name:%NODEREDIP To:%nodered_ip Recurse Variables:Off Do Maths:Off Append:Off ] A6: Variable Set [ Name:%DNS To:%homedns Recurse Variables:Off Do Maths:Off Append:Off ] A7: Variable Set [ Name:%HTTPpass To:%http_pass Recurse Variables:Off Do Maths:Off Append:Off ] A8: Variable Set [ Name:%HTTPuser To:%http_user Recurse Variables:Off Do Maths:Off Append:Off ] A9: Variable Set [ Name:%MQTTpass To:%mqtt_pass Recurse Variables:Off Do Maths:Off Append:Off ] A10: Variable Set [ Name:%MQTTuser To:%mqtt_user Recurse Variables:Off Do Maths:Off Append:Off ] A11: Flash [ Text: DNS: %homedns HTTP User: %http_user HTTP Pass: %http_pass MQTT User: %mqtt_pass MQTT Pass:%mqtt_user NodeRED IP %nodered_ip Long:Off ][/tab] [/tabs]
On boot, Tasker will download the file and store the credentials locally. The global variables will get updated and the file will be removed. To increase the security of Tasker, simply add the passcode to it. Going forward, all you have to do to change your credentials is update the credentials.txt and reboot your phone.
Please note that we are storing the credentials in Google Docs, so to edit the file you have to use some sort of text editor. I’m using Anyfile-Notepad – this way I can modify the file in Google Docs and the changes will apply on the next reboot of the phone. Alternatively, use Google Sync, and you can edit the file directly from the Windows’ notepad.
Assign Global Variables
AutoTools JSON Read action will read the JSON file from the text file and make it all available as local variables. If you want to learn more about JSON structure, I have a tutorial about it too. To access each value, you have to look for the “key” name. In the “Fields” option list:
NodeRED_IP,HomeDNS,MQTT_user,MQTT_pass,HTTP_user,HTTP_pass
You will have the values available as %nodered_ip, %homedns etc. Use the variables to set your corresponding Tasker variables.
Once you have the variables assigned, it’s cleanup time. Delete the credentials.txt file using Tasker – File Delete and secure the Tasker with a password.
Conclusion
To increase the security of the setup, you could store the credential.txt on your own server behind the authenticated HTTP request. You could totally set one up using NodeRED. This way, the file is not shared with any other parties. You can enhance the modified EventGhost credentials too. Take a look at this tutorial to learn how to store the credentials globally in the EventGhost.
As you can see, storing Tasker credentials this way can help you manage it better without the risk of sharing it accidentally with others. Also, any changes made to the file would apply globally after the reboot. It will save me a lot of work, but I have to adjust all my connected profiles first. You can grab the ready-made files from here (Patrons get 3- day early access to all tutorial files) and support me in the process as well.