Overview
The ARMAC codebase is structured for safe public publication. All site-specific credentials and personally identifying information are separated from the source code into dedicated secrets files that are excluded from the git repository. Anyone cloning the repository receives working code with documented placeholders but no access to real credentials.
Arduino Sketches — config.h
Each Arduino sketch folder (AR1, AR2, AR3) contains a config.h file that holds the site-specific values the sketch requires:
- WiFi network names and passwords for each site profile (Fairhaven, Rowe Street)
- MQTT broker IP addresses for each site
- MQTT authentication username and password
- The inter-Arduino WiFi access point name and password used between AR2 and AR3
This file is listed in .gitignore and is never committed to the repository. A committed template, config_example.h, documents every required value with placeholders. Anyone deploying ARMAC copies this template to config.h in each sketch folder and fills in their own values before compiling.
The file is placed inside each sketch folder rather than at a shared parent level to ensure compatibility across all versions of the Arduino IDE, which handles relative path includes inconsistently.
Home Assistant — secrets.yaml
The Home Assistant configuration.yaml uses HA's native !secret mechanism to reference sensitive values. All such values are stored in secrets.yaml, which is excluded from the repository via .gitignore. The sensitive values covered are:
- GPS coordinates of the protected property
- SMTP account username used to send email and SMS alerts
- SMTP authentication password
- Owner email alert recipient address
- SMS recipient phone numbers for both household members
A committed template, secrets_example.yaml, documents every required key with placeholders. Anyone deploying ARMAC copies this to secrets.yaml and substitutes their own values. Home Assistant resolves !secret references from its own secrets.yaml on the Raspberry Pi at runtime; the repository copy serves as a local record and backup.
What Remains Visible in the Published Repository
The property name and the personal names appear in notification service names and alert message templates within configuration.yaml. These are not credentials and do not represent a security risk, but anyone adapting the system for their own use would substitute their own names. No IP addresses, passwords, email addresses, phone numbers, or GPS coordinates appear anywhere in the committed files.
File Summary
| File | Location | Committed | Purpose |
|---|---|---|---|
config.h | AR1/, AR2/, AR3/ | No — gitignored | Real Arduino credentials |
config_example.h | ARMAC_Scripts/ | Yes | Template for new deployments |
secrets.yaml | Repository root | No — gitignored | Real HA credentials |
secrets_example.yaml | Repository root | Yes | Template for new deployments |
For more background and technical detail refer to Communications resilience.