Secure your Zigbee network

To make sure your Zigbee network is as secure as possible, consider the following:

Change Zigbee network encryption key

Changing the network key requires re-pairing of all devices!

Zigbee2MQTT releases prior to 1.33.0 use a known default encryption key (Zigbee Transport Key). Therefore it is recommended to change the network encryption key on those versions. Release 1.33.0 and later will generate a random encryption key on startup.

To use a different encryption key add the following to your configuration.yaml:

Do not use this exact key.

advanced:
    network_key: [7, 3, 5, 7, 9, 11, 13, 15, 0, 2, 4, 6, 8, 11, 12, 13]

The network encryption key size is 128-bit which is essentially 16 decimal values between 0 and 255 or 16 hexadecimal values between 0x00and 0xFF.

If you need to transform your decimals to hexadecimals (or vice versa) please use a converter. Example: 92 (decimal) would become 5C (hexadecimal).

To let Zigbee2MQTT generate a new network key on next startup, add the following to configuration.yaml:

advanced:
    network_key: GENERATE