Personal Finance
Wanted to get a better picture of my personal finances. Used to use Mint for this but no longer do, don't really want to, and would rather self-host if possible.
Found Firefly III, which seems to fit the bill and can implement OAuth.
Setup
- Firefly III Helm chart, using the core Helm chart as I will BYO Postgres.
- Postgres - combination of bitnami helm chart + alpine images for arm64 support with some added features for my cloud.
- oauth2 proxy - combination of first party helm chart + registration pieces for my IDP.
Firefly supports multiuser/remote user authentication via trusted headers.
Oauth2 proxy will by default pass X-Forwarded-User and X-Forwarded-Email.
Need to configure Firefly III to expect these headers instead of its defaults, which seems to be easier than configuring oauth2 proxy to pass back the default auth headers.
```yaml
config:
  env:
    AUTHENTICATION_GUARD: "remote_user_guard"
    AUTHENTICATION_GUARD_HEADER: "HTTP_X_FORWARDED_USER"
    AUTHENTICATION_GUARD_EMAIL: "HTTP_X_FORWARDED_EMAIL"
```
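With the remote user guard on, Firefly III treats whatever arrives in X-Forwarded-User as the logged-in user, so its pods should only accept traffic from oauth2 proxy (and the importer, which uses a token). An added example, not part of the original setup, of a Kubernetes NetworkPolicy that does this; the namespace, pod labels, policy name and port 8080 are assumptions to adjust to your charts.

```yaml
# Added example: namespace, labels, name and port are assumptions,
# not values taken from this setup.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: firefly-iii-only-from-proxy   # hypothetical name
  namespace: finance                  # assumed namespace
spec:
  # Select the Firefly III pods (assumed chart label).
  podSelector:
    matchLabels:
      app.kubernetes.io/name: firefly-iii
  policyTypes:
    - Ingress
  ingress:
    - from:
        # oauth2 proxy sets X-Forwarded-User / X-Forwarded-Email after login,
        # so it is the only component allowed to present those headers.
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: oauth2-proxy   # assumed label
        # The data importer calls the API with a personal access token.
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: importer       # assumed label
      ports:
        - protocol: TCP
          port: 8080   # assumed Firefly III container port
```

NetworkPolicy only takes effect when the cluster's CNI plugin enforces it.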
Importing Data
With Firefly III up and running, importing banking data becomes the next step. This is also the hardest step, and many banking institutions do not have API-level access for individuals.
One option is to manually download CSVs or other statement types from banks, then process and import them into Firefly via its API/importer tool. This option is kind of a pain in the ass and I'm not really interested in doing that if I can help it. It might be automatable with some sort of webcrawler/headless browser type setup, but that's also kinda sketchy as I'd have to store my bank logins.
Plaid Journey
Plaid is a financial data API service. It seems to have a free development tier that one might be able to use for this, and paid-for API access. Not thrilled about having to pay for API access, but it's not outside of the ethos of “self hosted”, as this is specifically an integration with the outside world, so it is nonsensical for it to be “self hosted”.
Was able to create an account easily enough, then verified email and set up MFA.
Next was “Test with Real Data”, which seems to be limited, free production access. This should hopefully be good enough for my purposes.
There are two mentioned Plaid connectors with Firefly III.
Plaid connector 2 seems to be a successor to the first, so will start with it.
There is an issue on it referring to the use of “limited production” with mixed results. Will see how far I can get without giving away a credit card.
After receiving limited production access and going through some of the nuance, it seems that Plaid will integrate with banks that support OAuth (meaning Plaid never sees/stores your banking credentials) and also supports banks that do not support OAuth (meaning that they do store your banking credentials for these banks). With limited production access you’re limited to banks that don't support OAuth… so yeah, I don't really want to do that, as this means allowing Plaid to store my banking credentials and that is unsettling.
Manual Importer
In setting up Plaid, going back and forth on whether or not I want to actually go through with it. In the meantime, going to try to manually import statements from downloaded CSVs.
Installed the importer chart and port-forwarded to it. Seems that when remote user auth is enabled it can only work with a personal access token.
Created a token and added it to the importer chart deployment.
```yaml
fireflyiii:
  auth:
    accessToken: ...
```