A better way to store Tasker credentials

I do Tasker tutorials, I also share the files for you to download. This means I have to be very careful what information I share with you guys. I don’t want my personal keys, passwords and IP addresses to be available online. I spoke about the most important Tasker variable before, and this time I will show you how to store and authenticate your Tasker profiles properly.

The idea is pretty simple. I want to have a single file stored on Google Drive which will contain all the security information. The file’s URL will be shared with Tasker – which will handle the credentials. Some of you will shout at me for making the file shareable through the link, but the chances of actually finding this file just by the link are pretty slim. If you have RaspberryPi and NodeRED you can serve this JSON file from your own server (tutorial here something that I will do personally) with increased security (providing your NodeRED is secure).

Creating JSON file for Tasker credentials

 

For an easy access, I’m storing the values as JSON file. This way I can quickly access it with AutoTools JSON Read action. The file has the following structure:

{
  "NodeRED_IP": "192.168.1.183:1880",
  "HomeDNS": "DNS.ddns.net",
  "MQTT_user": "MQTTuser",
  "MQTT_pass": "MQTTpass",
  "HTTP_user": "HTTPuser",
  "HTTP_pass": "HTTPpass"
}

Simply save this (edited to your liking) as credentials.txt and upload it to your Google Drive. Enable sharing by link and copy the URL. Pay attention to the URL as I need to change the way it has been constructed.

https://drive.google.com/uc?authuser=0&id=XXXXXXXXXXXX&export=download

Grab the file ID from your URL and enter it instead of the XXXXXXXXXXXX above. Now you have an HTTP Get ready URL for Tasker

Tasker credentials profile

 

[tabs tab1=”TASKER PROFILE: Set Credentials On Boot”] [tab id=1]
Profile: Set Credentials On Boot 
	Event: Device Boot
Enter: Set Credentials 
	A1: Variable Set [ Name:%fileid To:XXXXXXXXXXXXXXXXXX 
		Recurse Variables:Off Do Maths:Off Append:Off ] 
	A2: HTTP Get [ Server:Port:https://drive.google.com/uc?authuser=0&id=%fileid&export=download 
		Path: Attributes: Cookies: User Agent: Timeout:10 Mime 
		Type:text/* Output File:Download/credentials.txt 
		Trust Any Certificate:Off ] 
	A3: AutoTools Json Read [ Configuration:Input Format: Json
		Simple Mode: true
		Json: /storage/emulated/0/Download/credentials.txt
		Fields: NodeRED_IP,HomeDNS,MQTT_user,MQTT_pass,HTTP_user,HTTP_pass
		Separator: , Timeout (Seconds):60 ] 
	A4: Delete File [ File:Download/credentials.txt Shred Level:0 Use Root:Off ] 
	A5: Variable Set [ Name:%NODEREDIP To:%nodered_ip 
		Recurse Variables:Off Do Maths:Off Append:Off ] 
	A6: Variable Set [ Name:%DNS To:%homedns 
		Recurse Variables:Off Do Maths:Off Append:Off ] 
	A7: Variable Set [ Name:%HTTPpass To:%http_pass 
		Recurse Variables:Off Do Maths:Off Append:Off ] 
	A8: Variable Set [ Name:%HTTPuser To:%http_user 
		Recurse Variables:Off Do Maths:Off Append:Off ] 
	A9: Variable Set [ Name:%MQTTpass To:%mqtt_pass 
		Recurse Variables:Off Do Maths:Off Append:Off ] 
	A10: Variable Set [ Name:%MQTTuser To:%mqtt_user 
		Recurse Variables:Off Do Maths:Off Append:Off ] 
	A11: Flash [ Text:
		  DNS: %homedns
		  HTTP User: %http_user
		  HTTP Pass: %http_pass
		  MQTT User: %mqtt_pass
		  MQTT Pass:%mqtt_user
		  NodeRED IP %nodered_ip 
		 Long:Off ] 
[/tab] [/tabs]

On boot, Tasker will download the file and store the credentials locally. The global variables will get updated and the file will be removed. To increase the security of Tasker, simply add the passcode to it. Going forward, all you have to do to change your credentials is update the credentials.txt and reboot your phone.

Please note that we are storing the credentials in Google Docs, so to edit the file you have to use some sort of text editor. I’m using Anyfile-Notepad – this way I can modify the file in Google Docs and the changes will apply on the next reboot of the phone. Alternatively, use Google Sync, and you can edit the file directly from the Windows’ notepad.

 

Assign Global Variables

AutoTools JSON Read action will read the JSON file from the text file and make it all available as local variables. If you want to learn more about JSON structure, I have a tutorial about it too. To access each value, you have to look for the “key” name. In the “Fields” option list:

NodeRED_IP,HomeDNS,MQTT_user,MQTT_pass,HTTP_user,HTTP_pass

You will have the values available as %nodered_ip, %homedns etc.  Use the variables to set your corresponding Tasker variables.

Once you have the variables assigned, it’s cleanup time. Delete the credentials.txt file using Tasker – File Delete and secure the Tasker with a password.

Conclusion

To increase the security of the setup, you could store the credential.txt on your own server behind the authenticated HTTP request. You could totally set one up using NodeRED. This way, the file is not shared with any other parties. You can enhance the modified EventGhost credentials too. Take a look at this tutorial to learn how to store the credentials globally in the EventGhost.

As you can see, storing Tasker credentials this way can help you manage it better without the risk of sharing it accidentally with others. Also, any changes made to the file would apply globally after the reboot. It will save me a lot of work, but I have to adjust all my connected profiles first. You can grab the ready-made files from here (Patrons get 3- day early access to all tutorial files) and support me in the process as well.

 

Mat Zolnierczyk

I am passionate about technology, cycling, and art. This would explain why my bike has more computing power than your average office. I own notenoughtech.com and I write for xda-developers.com and pocketables.com Feel free to follow me!