Set Smart Home
Home Assistant Smart Locks: The Ultimate Privacy-First Buyer's Guide
23 min czytania

Home Assistant Smart Locks: The Ultimate Privacy-First Buyer's Guide

# Home Assistant Smart Locks: The Privacy-First Buyer's Guide

You've shortlisted a smart lock. Then you read the fine print and discovered three things: every unlock event routes through the manufacturer's servers, the "advanced" features you saw in the demo video sit behind a monthly subscription, and the lock becomes an expensive paperweight the day the vendor decides to sunset the product line. This is the case for choosing a home assistant smart lock instead — a lock that talks only to a small computer in your home, runs without internet, and costs nothing in monthly fees. This guide covers which locks integrate locally with Home Assistant, what they actually cost over five years, what the setup looks like step by step, and the automations a cloud lock will never give you. Set Smart Home, a Warsaw-based installer, builds these systems for apartments, houses, hotels, and offices when the reader prefers a same-day installation to a weekend of DIY.

A modern apartment door from the interior, with a discreet retrofit smart lock (Nuki-style) mounted over an existing deadbolt thumbturn. Phone visible on a side table showing a Home Assistant dashboard. Warm natural light, Scandinavian interior — mat

Table of Contents

Why Cloud-Connected Locks Create a Hidden Security Debt

Your skepticism about cloud-connected locks is well-placed. Mainstream products like August, Yale Access, Schlage Encode, and Wyze Lock route authentication, entry logs, and in some cases live Bluetooth and Wi-Fi telemetry through the manufacturer's cloud. Choosing a home assistant smart lock is, more than anything else, choosing to stop generating that data trail. To understand why this matters, it helps to look at four concrete patterns the industry has normalized.

Where your data physically lives. Every unlock event — who, when, from which IP, with what geolocation — is written to a database the manufacturer owns. You have no audit access beyond what GDPR forces a vendor to disclose, no deletion guarantee for backups, and no insight into third-party data sharing with analytics providers, insurance partners, or law enforcement under subpoena. The lock on your front door is, in data-protection terms, a continuous behavioral sensor pointed at your household — and the recipient of that data is a company you have no commercial relationship with beyond a one-time hardware purchase.

The subscription degradation pattern. This is now the standard playbook across the smart-home industry: a lock ships at launch with auto-unlock, full activity history, and unlimited guest codes included. Within 18 to 24 months, the vendor moves "extended history" beyond seven days behind a paid tier, adds "smart alerts" to the same tier, and quietly reduces the free plan's capabilities. The hardware did not change. The EULA did. Ring Protect, Nest Aware, and Wyze Cam Plus established this pattern in the camera category; lock product lines are arriving at the same destination.

Cloud-outage equals locked out. When the vendor's authentication server is unreachable, the manufacturer's app cannot deliver an unlock command — even if your phone is sitting six inches from the lock. Most cloud locks retain a physical key or PIN keypad as fallback, so you are not literally locked out, but the smart features you paid for vanish. The precedent for vendor sunset is not theoretical. Insteon abruptly shut down its cloud in April 2022, leaving thousands of devices semi-functional. Wink transitioned customers to forced subscriptions in 2020. Best Buy ended its Insignia Connect platform in 2019. In each case, hardware that worked yesterday stopped working today.

The false dichotomy. Vendor marketing frames the choice as "cloud convenience versus a dumb offline lock." This is marketing copy, not an engineering constraint. A privacy-first smart lock paired with Home Assistant delivers every cloud feature — remote unlock, automations, time-limited guest codes, voice control — without your data leaving the home network. The cloud was never required to make the features work; it was required to make the subscription work.

What "local" actually means with Home Assistant. Home Assistant runs on a small computer in your home: a Raspberry Pi 4, a Home Assistant Green appliance, an Intel mini PC, or a NAS. It speaks Zigbee, Z-Wave, Matter, Bluetooth Low Energy, and Wi-Fi natively. Your lock communicates only with this local hub. If you want remote unlock from outside the home, you choose how: Nabu Casa's encrypted tunnel at €6.50 per month (optional), a self-hosted WireGuard or Tailscale VPN (free after one-time setup), or no remote access at all. Choosing a smart lock without subscription is not about giving up features. It is about owning the infrastructure those features run on. An offline smart lock stack — hub plus lock — does everything a cloud lock does, and several things a cloud lock cannot do, which the next sections cover specifically.

A smart lock that needs permission from someone else's server to open your door is not your lock. It is a service you rent, with hardware attached.

Home Assistant Smart Locks vs. Cloud-Only Locks vs. Hybrid Systems

Most buyers end up choosing between three architectures, and the differences are not cosmetic. They determine what your lock can do when the internet drops, how vulnerable you are to a vendor changing its pricing model, and how easily you can extend the system once you decide you want more than just a smart front door. The matrix below uses a single home assistant smart lock install as the baseline against the two cloud-leaning alternatives.

Criteria Home Assistant (Local) Cloud-Only Lock Hybrid (Cloud + Local)
Where entry data lives On-premises hub Vendor cloud servers Vendor cloud + local cache
Function when internet drops Full LAN control App cannot reach lock Manual codes only
Recurring cost €0 (or €6.50/mo remote) €5–€15/month €3–€10/month
Setup effort Moderate, hub required Low, app and Wi-Fi Low to moderate
Automation flexibility Unlimited cross-device Vendor-locked Vendor-locked with API gaps
Long-term ecosystem risk Low, open-source High, vendor sunset = brick Medium

Which row matters most depends on who you are. The privacy-conscious homeowner reads row one and stops there. The landlord with tenants who travel for work cares about row two — an ISP outage in Warsaw cannot become a lockout in Berlin. The hotel manager running 40 rooms reads rows five and six, because a vendor pivot that forces re-pairing every lock is operationally unsurvivable at scale. The office manager who wants the door to coordinate with the meeting-room calendar lives in row five.

Setup effort deserves honest examination. Home Assistant is not plug-and-play. The hub itself costs €100 to €500 depending on which build you choose, and first-time setup runs 2 to 6 hours for a comfortable Linux user — or one same-day appointment with an installer. Cloud locks take 15 minutes from box to working app. The trade is not "good versus bad." It is "buy once" versus "rent forever," and the rent compounds. The Control4-versus-Home-Assistant comparison covers this trade in more depth for readers weighing the broader ecosystem question; Home Assistant remains the dominant choice when buyers want an open-source platform rather than a vendor relationship.

Hybrid systems are a transitional bet, not a destination. The August Wi-Fi Smart Lock, the Yale Assure 2, and several recent Matter-capable products can technically be brought under local control via Home Assistant, but the manufacturer's app remains the primary interface and the cloud account is rarely optional. Treat hybrid locks as cloud locks with an escape hatch. They are useful when migrating from a fully cloud setup, and they fail as a final privacy posture.

Smart Locks That Work Locally With Home Assistant

Not every lock advertised as "Home Assistant compatible" actually runs offline. Some require the vendor cloud to provision the integration, then operate locally afterward. Others are fully local from the first pairing. Below are the options that work reliably for a home assistant smart lock install in Poland and the wider EU market as of 2024.

  • Nuki Smart Lock 4 Pro / Nuki Smart Lock Go. Retrofit lock that mounts over your existing thumbturn — no drilling, no door modification, no cylinder change. Built for European Euro-profile cylinders, which dominate Polish apartments. Integrates with Home Assistant via the native Nuki integration over Bluetooth or via the Nuki Bridge over LAN through a documented local HTTP API. Price range: €229–€329. Battery life: 6 to 12 months on 4× AA. Offline-capable after initial pairing; the Nuki Web account is optional if you skip remote access. The Nuki Home Assistant integration is one of the more mature in the ecosystem, with active community maintenance.
  • Aqara Smart Lock U100 / U200. Zigbee plus Bluetooth lock. The U200 is a retrofit for European Euro-cylinder doors; the U100 is a full deadbolt replacement closer to the US standard. Pairs directly to any Zigbee coordinator — a Home Assistant SkyConnect, a Sonoff ZBDongle-E, or an existing Zigbee2MQTT setup — with no Aqara hub or cloud account required when using ZHA or Zigbee2MQTT. Price range: €180–€250. Fingerprint reader, keypad, and NFC card support included. Caveat worth knowing: some firmware versions still phone home for update checks; block the lock at the router level if strict isolation is the goal.
  • Loqed Touch Smart Lock. Dutch brand purpose-built for the European market — Euro-cylinder retrofit, designed around the EU door standard rather than adapted to it. Native Home Assistant integration via local webhook. Price: €299. Matter-over-Thread support is rolling out across firmware; once enabled, the lock is fully local with no vendor account in the operational path. Strong fit for Warsaw apartments due to native cylinder compatibility and EU stock availability.
  • Tedee GO / Tedee PRO. Polish-designed retrofit lock — relevant for buyers who want local support and parts availability in Poland. Bluetooth-based, mounts over the existing thumbturn in under 15 minutes. Home Assistant integration via the Tedee Bridge exposes a local API. Price range: €179–€349. Local control is confirmed; the Tedee cloud account is required only if you want remote unlock outside the home network.
  • Z-Wave locks (Yale Assure 2 Z-Wave, Schlage BE469ZP). Pair directly to a Z-Wave coordinator like a Zooz 800LR or an Aeotec Z-Stick. 100% local from the moment of pairing — no vendor account exists, ever. Price range: $200–$280 for US-market units; EU availability is more limited and import is sometimes the only path. Best choice for buyers who want zero vendor relationship after the hardware purchase clears.
Side-by-side product shot — a Nuki Smart Lock 4 Pro mounted on a typical Polish/EU interior door over a Euro-cylinder thumbturn, alongside a Tedee GO on a similar door. Shot from a slight angle showing the retrofit's compact profile. Lighting: bright

From Unboxing to First Automation: The Setup Walkthrough

You've chosen a lock from the list above. The next two hours determine whether the system feels like a clean install or a weekend project. Below is the practical deployment sequence — seven steps that take a new install from sealed box to working automation. If any step in this sequence makes you uncomfortable, that is the honest signal to hire the installation rather than push through it.

  1. Pre-purchase compatibility check (15 minutes). Confirm the exact lock model number against the integration list at home-assistant.io/integrations. Inspect the door's cylinder type: Euro-profile (typical in Poland), mortise, or US-style deadbolt. For retrofit locks like Nuki and Tedee, measure thumbturn clearance — most retrofit bodies need 30 to 40mm of clear space behind the cylinder. Doors with thick decorative escutcheons or recessed thumbturns sometimes need a spacer kit.
  2. Set up the Home Assistant hub (30–90 minutes). If you do not already run Home Assistant, install Home Assistant OS on a Raspberry Pi 4 with 4GB or more of RAM, a Home Assistant Green appliance at €99, or a Home Assistant Yellow with a Pi compute module. Connect via Ethernet — Wi-Fi works but Ethernet eliminates an entire class of intermittent failures from your reliability budget. Complete the onboarding wizard, set a strong admin password, and enable automatic backups to a USB drive or network share.
  3. Add the radio coordinator if your lock requires one (15 minutes). For Zigbee locks like the Aqara U200, plug a SkyConnect or Sonoff ZBDongle-E into the hub's USB port and add the ZHA or Zigbee2MQTT integration. For Z-Wave locks, plug in a Zooz 800LR. For Bluetooth-only locks like Nuki and Tedee, either use the hub's built-in Bluetooth (range-limited) or deploy a Bluetooth proxy on an ESP32 placed near the door — €15 of hardware that fixes most range issues.
  4. Physical lock installation (20–40 minutes). Retrofit example for Nuki: remove the key from the inside cylinder, attach the Nuki mounting plate around the thumbturn, slide the lock body onto the plate, insert the 4 AA batteries. No drilling, no cylinder change, fully reversible. For a US-style deadbolt replacement with a Schlage Z-Wave: remove the existing deadbolt, install the new mechanism, verify strike-plate alignment, test the manual key before powering on the smart components.
  5. Pair the lock to Home Assistant (10 minutes). In Home Assistant, navigate to Settings → Devices & Services → Add Integration, then search for the lock brand. Follow the pairing prompt — usually a long button press on the lock, sometimes a QR code scan from the lock's documentation. Confirm the device appears in the dashboard with lock and unlock controls plus a battery state. If pairing fails, the most common cause is radio range; move the hub or add a proxy.
  6. Build the first automation (15 minutes). For a proof-of-concept that pays off immediately, build this: lock the door automatically 10 minutes after the last household phone leaves the home, detected via the Home Assistant Companion app's geofence or a household member's Bluetooth presence. Use the Home Assistant Automations UI — no YAML required for a first build. Test it by walking out the door and watching the log.
  7. Test offline and brief the household (15 minutes). Unplug the WAN cable from your router. Confirm that any phone on the local Wi-Fi can still lock and unlock the door through the Home Assistant app — this verifies the install is genuinely local and not silently cloud-dependent. Re-plug the router. Walk every household member through the three unlock paths: PIN on the keypad, app on the phone, physical key as backup. Show them what a low-battery notification looks like so the eventual warning isn't a surprise.

Automations That Cloud Locks Will Never Offer You

This is the part where a home assistant smart lock stops looking like a more expensive cloud lock and starts looking like a different category of product. Cloud locks are limited to whatever automations their vendor's app builder exposes. Home Assistant treats the lock as one node in a graph that includes every other device, every calendar feed, every presence sensor, every weather API, and every notification channel in your home. Five concrete scenarios illustrate what this actually means in practice.

Multi-condition unlock with calendar awareness. Unlock the door when a specific set of conditions all hold: the household's shared Google Calendar shows "cleaner — Tuesday 10:00," the cleaner's known phone MAC address has appeared on the network OR a one-time PIN is entered on the keypad, the front-door camera confirms a person is standing there, and all of this falls between 09:55 and 10:15. Outside that 20-minute window, the same PIN is rejected by the automation layer even if it would otherwise be valid. Cloud locks offer scheduled PIN codes. They do not offer conjunctive logic spanning calendar, camera, network presence, and keypad in a single decision tree.

Hotel guest room provisioning. Property managers running 10 or more rooms can auto-generate guest PINs the moment a reservation confirms in Booking.com or a PMS like Mews, valid only between check-in and check-out timestamps. Auto-unlock the room when the guest's phone — registered to the property Wi-Fi at check-in — comes within Bluetooth range of the door. Auto-lock the room and cut HVAC and lighting 20 minutes after the cleaning crew exits on checkout day, recovering energy costs without staff involvement. This bundle of features is quoted at €15 to €30 per room per month in commercial cloud lock systems. Built once on Home Assistant, it runs across the whole property at no recurring cost.

Cross-device security choreography. When the door unlocks between 23:00 and 06:00 without a recognized household phone present, the home executes a sequence: hallway lights come up to 40% brightness, a snapshot from the entry camera fires to every household member's phone, the indoor microphone (if present) records a 60-second audio clip, and the security siren arms on a 90-second delay that can be cancelled by entering the disarm PIN. This is roughly 30 lines of YAML. No cloud lock vendor offers it, because no cloud lock vendor controls your lights, your cameras, or your siren — and even when partner integrations exist, they are slow, fragile, and subject to disappearing in an API change.

The lock stops being a destination and starts being a trigger. That is the difference between a smart product and a smart home.

Geofence with grace period and direction-of-travel logic. Unlock the door when the homeowner's phone enters a 100-meter radius AND is moving toward the building, calculated from two consecutive GPS samples. Lock the door 8 minutes after the last household phone leaves the geofence — that grace period prevents the lockout that happens when someone steps out to take the bins down for two minutes. Cloud lock auto-unlock features fire on geofence entry alone, which causes the well-documented false-unlock problem when a homeowner walks past their own building on the way somewhere else. A proper Home Assistant lock automation eliminates this with about five lines of logic.

Audit trails that belong to you. Every lock event — successful unlock, failed PIN, manual override, low battery — writes to Home Assistant's local database (SQLite by default, PostgreSQL for larger installs). You can query "how many unlock events happened between 14:00 and 18:00 in October" using the Lovelace history card or a direct SQL query. Cloud lock dashboards typically retain 7 to 30 days of history unless you pay for an extended tier, and that history is hosted on infrastructure you do not control. With a home assistant smart lock, log retention is bounded only by disk space: a full year of lock events occupies well under 50MB. For landlords, hotel operators, and office managers, this audit posture is the difference between "I think the cleaner came Tuesday" and a queryable record going back years.

These capabilities matter most when the lock is not the only smart device in the home. An apartment owner with a single lock and a single motion sensor sees modest gains. A hotel manager with locks, lighting, HVAC, and a PMS sees an operations transformation. An office manager who wants the front door to coordinate with meeting-room availability sees a working solution rather than a vendor demo. The lock's value grows as the system grows around it, which is the opposite of how cloud lock economics behave.

The Five-Year Cost Reality: Local vs. Cloud Locks

The local-first lock looks more expensive on day one. Over five years, the math reverses — and on the second device, the third, and the tenth, it reverses harder. Below is a transparent breakdown using mid-market 2024 EUR pricing for a single-door installation in Poland.

Cost Category Cloud-Only Lock HA + Nuki/Tedee HA + Z-Wave Schlage
Lock hardware €150 €250 €230
Hub / coordinator €0 €130 €160
Subscription (60 mo) €300 €0 €0
Batteries (5 yr) €40 €40 €40
5-year total (base) €490 €420 €430
5-year total (paid remote) €490 €810 €430

The break-even is closer than expected. A single lock with a single mid-tier subscription is roughly cost-neutral over five years against a Home Assistant install — you save the subscription, you spend on the hub. The math shifts decisively the moment device count grows. The second lock, the first set of smart bulbs, the first motion sensor, the first contact sensor all run on the same hub at no additional infrastructure cost. Each cloud lock or cloud device, by contrast, brings its own subscription stack, and the costs stack linearly.

What the subscription number hides. The €5 per month used in the table is the current mid-tier price for a representative cloud lock. Vendor history across Wyze, Ring, and Insteon suggests that 15 to 30% subscription price increases over five years are normal, along with feature reshuffling that pushes previously-included capabilities into higher tiers. Treat the cloud column as a lower bound, not a fixed estimate. The €490 figure could realistically be roughly €550 to €600 by year five for the same product purchased today.

Switching cost is the silent cost. When you outgrow or sour on a cloud lock platform, you cannot export your automation logic, your guest code history, or your device groupings — that data and that configuration belong to the vendor. Switching means starting over. Home Assistant configurations are YAML and SQLite files you own; migrating to new hardware preserves every automation, every dashboard, every history record, with only the device-pairing step needing repetition.

Where a professional installation fits. A first-time Home Assistant install covering one lock, hub configuration, network tuning, and a trained household member is a same-day job for an experienced installer. The installation fee is typically recovered within roughly 18 to 24 months of avoided subscription costs against a single cloud lock, and the recovery accelerates with every additional device added to the same hub. For hotels and offices, where dozens of locks and devices are involved, the recovery period is measured in weeks, not years.

When the cloud lock still wins. Honestly: if you will only ever own one lock, have no other smart devices planned, prefer to avoid any technical setup, and trust the chosen vendor's roadmap — a €150 cloud lock is a defensible purchase. The smart lock without subscription path is for buyers building a system, not buying a single gadget. Those two profiles need different products and there is no shame in either.

A flat-lay shot from above: on the left, a smart lock box surrounded by printed monthly subscription invoices arranged like fanned-out cards. On the right, a Home Assistant lock and a small Home Assistant Green hub with no other paperwork beside it.
A €150 cloud lock with a €5 monthly fee is a €450 lock. Pricing the subscription out of the conversation is how the industry sells you the same device three times.

Buyer Questions Answered Before You Order

Below are the questions readers Google between adding the lock to their cart and clicking buy. Each answer is specific.

  1. If my internet goes down, am I locked out? No. Home Assistant runs entirely on your local network. Any phone, tablet, or laptop connected to your home Wi-Fi can lock or unlock the door through the Home Assistant app or web interface — even with the WAN cable physically pulled from the router. You only lose the ability to control the lock from outside the home, which most readers do not actually need on a typical day. A cloud lock, by contrast, fails at the app-to-server step and refuses commands from any device, including the phone three feet from the door. This is the defining behavioral difference between an offline smart lock stack and a cloud lock, and it is the single most important answer in the entire purchase decision.
  2. I rent. Can I install this without the landlord noticing? For Euro-cylinder doors — the standard across Polish apartments — yes. Nuki, Tedee, and Loqed all mount over the existing thumbturn from the inside. No drilling, no cylinder replacement, fully reversible in under 10 minutes. Take the lock with you when you move out. The landlord's existing key continues to work from the outside throughout your tenancy. The Nuki Home Assistant integration runs in pure local mode, so even the manufacturer is not aware of a tenant installation if you skip the optional cloud account.
  3. Will this work with my existing Fibaro, Grenton, or Keemple system? Not directly. Those are closed ecosystems that do not bridge to Home Assistant for security and IP reasons. If you already own a Fibaro Home Center, you can either run Home Assistant alongside it — some integration exists via REST API for specific devices — or migrate gradually. For Fibaro and Grenton owners considering a switch, plan it device by device. Locks are usually a sensible first replacement because they are standalone in function and the cost-benefit of going local is most visible in this category.
  4. How long do the batteries last? 6 to 12 months for retrofit BLE locks like Nuki and Tedee running on 4× AA. 8 to 14 months for Zigbee and Z-Wave locks like Aqara and Schlage, which benefit from lower-power radio protocols. Home Assistant fires a notification when battery drops to 20%, giving 2 to 4 weeks of warning before the lock actually fails. You will not be surprised by a dead battery if the notification rule is configured during initial setup — and configuring it is a 30-second job in the Automations UI.
  5. Is this overkill for a one-bedroom apartment? If you live alone, never have guests or service workers entering, and do not care where your unlock logs are stored — a regular deadbolt is fine and a cloud lock is overkill in a different direction. If you let in cleaners, dog-walkers, family members, or short-stay guests; if you have ever been locked out and had to pay an emergency locksmith; or if you plan to add any other smart device to the home — a home assistant smart lock pays for itself in convenience and avoided lockout calls within the first year, and the hub becomes the foundation everything else builds on.
  6. Can I install this myself or do I need an installer? The lock itself is genuinely DIY-friendly — most retrofit installations are 20-minute jobs and the documentation is clear. The Home Assistant hub setup is where DIYers stall: choosing the right hub model, configuring the network, picking the right radio coordinator for the lock you bought, and writing the first automation that actually does something useful. Readers who plan to add cameras later may want to review a device-level integration walkthrough to see what a typical pairing process looks like before committing. If you are comfortable with a Linux command line and a router admin page, you will be fine. If either of those phrases produces hesitation, hire it out. Set Smart Home handles consultation, device selection, same-day installation, and household training in one appointment for the Warsaw region, which compresses the entire learning curve into a single visit.
  7. What happens if Home Assistant the project disappears? Home Assistant is open-source with thousands of contributors and is among the largest open-source projects on GitHub by contributor count. If the foundation behind it ever folded, the software continues to run on your hub indefinitely — there is no license server, no activation check, no cloud dependency in the operational path. Your lock keeps working. Community forks would appear within weeks, as has happened with every significant open-source project facing maintainer changes. This is the structural opposite of cloud-lock dependency, where the vendor's bankruptcy is the moment your hardware stops working. The asymmetry is the entire reason the local path exists.