How to secure your Zigbee network #
By default your Zigbee network isn’t as secured as possible. The following settings are recommended to apply to your configuration.
Disable joining #
To disable joining it’s important that
permit_join: false is set in your
configuration.yaml. Otherwise rogue devices are able to join allowing them to send and receive Zigbee traffic.
Change Zigbee network encryption key #
Changing the network key requires repairing of all devices!
Zigbee2MQTT uses a known default encryption key (Zigbee Transport Key). Therefore it is recommended to use a different one. To use a different encryption key add the following to your
Do not use this exact key.
advanced: network_key: [7, 3, 5, 7, 9, 11, 13, 15, 0, 2, 4, 6, 8, 11, 12, 13]
The network encryption key size is
128-bit which is essentially 16 decimal values between
255 or 16 hexadecimal values between
If you need to transform your decimals to hexadecimals (or vice versa) please use a converter. Example: 92 (decimal) would become 5C (hexadecimal).
To let Zigbee2MQTT generate a new network key on next startup, add the following to
advanced: network_key: GENERATE