Is the Tesla Home Assistant Integration secure?

So I personally don't know if that is secure or not (I use HACS all the time, personally I have no issues from a security point of view), but I chose the official HA API because it's free (minus the website of $10/year). I forgot the specific steps, but the home assistant integration website is good enough to give you guidance on 90% of it, and then I used chatgpt the rest of the way to create my keys, NGINX configuration, get the service hooked up so I can not only read data but also control my car. To be clear HACS is a custom repository. Tessie may be running the github so if that's the case you know it's secure.

You're not entering your login details directly. It's via a standard token/API process.

I use HACS all the time but am cautious about using it to integrate with an ecosystem that I'd be extra concerned about getting hacked (security cameras, car, etc). When you say say you used the HA API, how do you mean? This sounds intriguing!

Ah interesting. However, if those behind the HACS integration did have some sort of nefarious intent, wouldn't giving token/API access to the integration still give it/them access to mess with it?

https://www.home-assistant.io/integrations/tesla_fleet/ The step by step is pretty good, but you do need to have some basic knowledge of how this all works. I have powerwalls and 2 teslas so it made financial and technical sense for me to do it like this instead of paying for multiple apps (netzero and tessie)

Oh cool, so this is an official integration that uses the official Tesla API? Looking at the prices for the Tesla API, you get a $10 a month discount for one vehicle, and with enough credits for a few things a day, it'd be less than $10 making it free. I already own loads of domains so could just create a random dub-domain for hosting the public key. Would that mean this would be free? This looks perfect, and the tutorial seems to be pretty good, thanks!

Yep it would be free (my 2 cars and powerwalls never go above $10 in a month), and it's built into HA. You just need to setup an nginx proxy that would serve the key. Look at the tesla fleet api for information on that as well. Lots of CLI for me ha. https://developer.tesla.com/docs/fleet-api/getting-started/what-is-fleet-api

I think this is exactly what I was after. I also didn't realise there was a $10 free monthly credit with the Tesla API (as I'd heard there was a price hike that was threatening to put companies like Tessie out of business). This is great news, thanks so much, really appreciate your several replies and full answers. Hopefully I'll be able to get my head around this pretty easily, but my understanding is: 1. Create a developer application (Basically just make up a name for my 'app') 2. Add those details into HA 3. Upload the public key to my domain (I'm presuming the Tesla site spits out a file and I literally just pop it at the directory that domain is pointing to?) 4. Add a virtual key to my car Is the NGINX just an option if I didn't already have a domain to host the public key?

I mean sure - if you're really concerned, then don't use any of these services. Many people click 'OK' on integrating google login / similar things all day long. Personally I've had Tessie for 5 years. The developer is active on here if you want to contact them. [https://www.reddit.com/user/TessieDev/](https://www.reddit.com/user/TessieDev/)

Yeah sure I've got no problem with Tessie. I was more referring to independent 'un-branded' HACS integrations. I had considered Tessie a few times but the specific use cases I have for it I just can't warrant the monthly or lifetime expense of it.

So my key is hosted on my home assistant server and my nginx docker is routed to it. That's why I have nginx. Helps with other things I like to route to my house instead of an ipaddress So I used the tesla api steps to create a key (the below is from teslas api website) To create a private key, run: openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem Then, generate the associated public key. openssl ec -in private-key.pem -pubout -out public-key.pem From there you have to route it. If the key is physically located on your server then I guess you don't need nginx.

Thanks so much for your help. Really appreciated! I'm either going to work my way through this or may just bite the bullet and get a Tessie membership (didn't realise API access, which I'm guessing is all I need to connect to HA) is included in the cheapest bundle. I thought you needed at least the Pro version as it listed automatons. Thanks again so much, really appreciate it!