Secure your Zigbee network
To make sure your Zigbee network is as secure as possible, consider the following:
To prevent new devices from joining, make sure permit_join: false is set in your configuration.yaml. Otherwise rogue devices are able to join, allowing them to send and receive Zigbee traffic.
Change Zigbee network encryption key
Changing the network key requires re-pairing of all devices!
Zigbee2MQTT uses a known default encryption key (Zigbee Transport Key), so it is recommended to use a different one. To use a different encryption key, add the following to your configuration.yaml:
Do not use this exact key.
advanced:
  network_key: [7, 3, 5, 7, 9, 11, 13, 15, 0, 2, 4, 6, 8, 11, 12, 13]
The network encryption key size is 128-bit, which is essentially 16 decimal values between 0 and 255 or 16 hexadecimal values between 0x00 and 0xFF.
If you need to transform your decimals to hexadecimals (or vice versa) please use a converter. Example: 92 (decimal) would become 5C (hexadecimal).
To let Zigbee2MQTT generate a new network key on next startup, add the following to your configuration.yaml:
advanced:
  network_key: GENERATE
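As an added example (not part of Zigbee2MQTT or its documentation), the following Python script generates a random 128-bit key in the list format shown above and checks a configuration against the points on this page. It assumes the configuration has already been parsed into a dict; the function names are hypothetical.

```python
import secrets

# Sample key printed on this page ("Do not use this exact key").
DOC_EXAMPLE_KEY = [7, 3, 5, 7, 9, 11, 13, 15, 0, 2, 4, 6, 8, 11, 12, 13]


def generate_network_key():
    """Return 16 random byte values (128 bits) from the OS CSPRNG."""
    return list(secrets.token_bytes(16))


def as_yaml(key):
    """Render the key as the advanced.network_key block, in decimal."""
    return "advanced:\n  network_key: [" + ", ".join(str(b) for b in key) + "]"


def as_hex(key):
    """Same key as two-digit hexadecimal values, e.g. 92 -> 5C."""
    return [format(b, "02X") for b in key]


def audit(config):
    """Return findings for an already-parsed configuration dict (assumption)."""
    findings = []
    if config.get("permit_join") is not False:
        findings.append("permit_join: false is not set")
    key = (config.get("advanced") or {}).get("network_key")
    if key is None:
        findings.append("network_key not set (known default key per this page)")
    elif key == "GENERATE":
        pass  # replaced by a generated key on next startup
    elif not isinstance(key, list) or len(key) != 16:
        findings.append("network_key must be a list of 16 values")
    elif not all(type(b) is int and 0 <= b <= 255 for b in key):
        findings.append("network_key values must be integers from 0 to 255")
    elif key == DOC_EXAMPLE_KEY:
        findings.append("network_key is the published example key")
    return findings


if __name__ == "__main__":
    new_key = generate_network_key()
    print(as_yaml(new_key))
    print("hex:", " ".join(as_hex(new_key)))
    # Constructed sample configuration, as a YAML parser would return it.
    sample = {"permit_join": True, "advanced": {"network_key": DOC_EXAMPLE_KEY}}
    for finding in audit(sample):
        print("finding:", finding)
```

Remember that replacing the key with the generated one requires re-pairing all devices, as noted above.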