#Backups

1 messages · Page 1 of 1 (latest)

grand bridge
#

Chat about the development of backups 💽

quartz cairn
grand bridge
#

🤣

robust aspen
#

I really like the idea of storing encryption key for backups in a passkey! https://confer.to/blog/2025/12/passkey-encryption/

Confer Blog
Making end-to-end encrypted AI chat feel like logging in

We want private AI chat to be simple. Yet today, many end-to-end encrypted experiences still have a level of friction that make them feel like they’re from another era: it usually either involves a long seed phrase users are asked to “store securely,” insecure password based encryption, or apps that aren’t cross-device and lose your data...

rocky swan
robust aspen
#

Is it ? I thought it's in all browsers and OSes

#

Make a proposal for pass key in HA, we're not against but it's an impactful change

rocky swan
#

From your linked article

IMG_6531.png
rocky swan
robust aspen
#

That article talks about extension, not the core passkey

rocky swan
#

But you'd need said extension for passkey backups don't you

robust aspen
#

Oh sure! I was thinking about doing it for login first

rocky swan
#

your last comment regarding passkeys that I remember was that you were worried people would lock themselves out of HA on other devices

robust aspen
#

Yeah but the implementation has matured. I still think it's bad if it's the only way to log in

#

But if we can guide people to add passkey, and make it later optional to remove password

#

WebAuthN will be an authentication provider

#

I believe I left some comments for improvement on the last attempt

#

So we have a challenge in that username is part of the HA provider

#

And tied to password

#

I believe the last implementation was pulling from that provider but as per the docs I just linked, that link cannot exist

rocky swan
#

And didn’t you want to externalize passkeys to OIDC then?

#

Though I think we really should offer a native implementation as passkeys are beginning to spread everywhere

terse void
#

This is what I see every time I backup before updating HA, not really a great experience. It says failed, though it's backing up in the background, there is no clear indication on the screen what's happening, and you have to go Backup settings section to know what's going on.

It's been like this for several release now, and I'm sure it's been reported somewhere

Screenshot_2026-01-07_at_21.07.45.png
steep halo
#

When I have to restore HA I need to do some manual monitoring because I have SSL, an FQDN, and the restriction to only access HA this way. Unfortunately, the restoration process doesn't "switch" to the restored access and I have to monitor the restoration using journalctl at the server console. Is there a way to complete the restoration when the restored setup has an encrypted access? Maybe I'm missing something.
Another interesting thing would be to add in the restoration process documentation a step to create a reservation on the user's DHCP for the final IP address. This is important for those who have a static IP address set and integrations referring this IP such as dnsmasq or other MQTT based devices trying to connect to the old IP.