Secrets Management

Secrets Management

To maintain security and prevent sensitive information—such as WiFi credentials or Cloud API keys—from being exposed in public repositories, this project utilizes a header file approach for configuration.

Using secrets.h

Instead of hardcoding credentials directly into the main .ino sketch, all sensitive data is stored in a separate file named secrets.h. This file acts as a local configuration layer.

1. Create the Secrets File

Create a new file in the same directory as your sketch named secrets.h. If a secrets.h.example file is provided in the repository, you can copy it:

cp secrets.h.example secrets.h

2. Define Your Credentials

Populate secrets.h with your specific network and API information using #define macros.

// secrets.h
#ifndef SECRETS_H
#define SECRETS_H

// WiFi Configuration
#define SECRET_SSID "Your_WiFi_SSID"
#define SECRET_PASS "Your_WiFi_Password"

// API / Cloud Configuration (e.g., ThingSpeak, MQTT, or Custom Gateway)
#define SECRET_API_KEY "ABC123XYZ789"
#define SECRET_DEVICE_ID "Sensor_Node_01"

#endif

Integration in the Main Sketch

To use these variables, include the header at the top of your main Arduino sketch. This allows you to reference the macros throughout your code while keeping the actual values private.

#include "secrets.h"

// Assigning secrets to variables
char ssid[] = SECRET_SSID; 
char pass[] = SECRET_PASS;
const char* apiKey = SECRET_API_KEY;

void setup() {
    Serial.begin(9600);
    // Use variables for connection
    WiFi.begin(ssid, pass);
}

Security Best Practices

When managing secrets in this project, adhere to the following guidelines:

• Never Commit Secrets: Ensure that secrets.h is listed in your .gitignore file. This prevents the file from being uploaded to GitHub or other version control systems.
• Template Provisioning: Always provide a secrets.h.example with dummy values so other users know which definitions are required to compile the project.
• Minimal Scope: Only store data in secrets.h that is truly sensitive. General configuration like BAUD_RATE or RS485_DE_RE_PIN should remain in the main sketch or a config.h file.

Configuration Reference

| Constant | Type | Description | | :--- | :--- | :--- | | SECRET_SSID | String | The SSID (Name) of the WiFi network the Arduino will connect to. | | SECRET_PASS | String | The WPA2 password for the specified WiFi network. | | SECRET_API_KEY | String | The authentication token for your backend or IoT Dashboard. |