Encryption at Rest

The WindAutomat uses encryption at rest to ensure no sensitive data can be leaked through unauthorized file system access. All sensitive data is stored in the Bitwarden Secret Manager, and the access token is encrypted at rest.

Encryption

On initial deployment of the WindAutomat, the access token and encryption secret need to be provided via the web frontend. This can be done at https://windautomat.windreserve.de/lock

Decryption

On (re)start of the service, the access token needs to be decrypted using the encryption secret. Simply visit https://windautomat.windreserve.de, you should be redirect automatically to https://windautomat.windreserve.de/unlock, and provide the encryption via the password field.

Rotating the Secret

To udpate the encryption secret, simply go to https://windautomat.windreserve.de/update-password and enter the old and new passwords.

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search