I set up Smart Lock Automation with Home Assistant to stop the constant fiddling at the door. I keep the system local where possible, avoid cloud-only unlocks, and use presence and door sensors to avoid unsafe unlocks. This guide shows the setup I use, concrete automation scenes I run, how I test them, and the privacy settings I change to keep smart home security tight. Expect short, practical steps and examples you can copy.
Pick a smart lock that supports a local API or a mesh protocol Home Assistant talks to, such as Z-Wave, Zigbee or a vendor with a documented local integration. I look for a lock that exposes battery level, lock state and a tamper sensor as entities in Home Assistant. Pair the lock using Z-Wave JS or ZHA integration, or add a local MQTT bridge if the lock speaks MQTT. After pairing, rename entities to readable IDs, for example lock.frontdoor and binarysensor.frontdoorcontact. Test basic control from Home Assistant UI: call lock.lock and lock.unlock in Developer Tools and watch the state change. If the state lags, check the integration logs and radio range before moving on.
For automation scenes I translate real behaviour into triggers, conditions and actions. One routine I use: when my phone connects to my home Wi-Fi and the front door contact is closed, unlock the door between 07:00 and 22:00. A concise automation looks like this in practice: trigger on device tracker state to home; condition that lock state is locked and time is within the window; action call lock.unlock. Add a secondary condition that a verified presence method agrees, for example a Home Assistant person entity or a BLE tracker. I also run a scene for letting guests in: a scene activates an entry code on the lock, sets a temporary access token in Home Assistant, and logs the event to a persistent notification and the audit log. To avoid unsafe behaviour, require the door contact to report closed before locking or unlocking, or add a manual confirmation for remote unlocks. Test automations by firing the triggers in Developer Tools, observe events under Events → live event stream, and check the history for the expected state transitions.
Integrate simple IoT devices into scenes to add checks and convenience. Add a motion sensor in the porch to delay auto-lock by 30–60 seconds when someone is exiting. Tie the smart lights to the unlock action so the porch lamp turns on for 2 minutes after unlock. If we talk privacy settings, set locks to local control only where possible, disable vendor cloud unlocks unless absolutely needed, rotate long-lived access tokens every six months, and restrict Home Assistant long-lived tokens to minimal scopes. Place IoT devices on a separate VLAN or guest SSID so a compromised camera cannot talk directly to the lock. Keep the Home Assistant host patched and use two-factor authentication on the frontend. For numeric values I use a 30–60 second auto-lock, 15 minute temporary guest codes, and log all unlock attempts with timestamps.
Troubleshooting and hardening are straightforward. If automations fail, check entity availability, then look at logger output for the integration. Add healthy retries in automations with a short delay and a fallback notification if the lock does not report the expected state. Monitor battery levels and set low-battery alerts at around 20 per cent. Audit the automation scenes monthly; confirm that presence detection is still accurate and that no anonymous cloud services retain persistent unlock rights. My last takeaway: keep logic local, add redundant sensors, and treat every remote unlock as a high-risk event that needs multiple checks before it runs.
