2023.2: ESPHome deprecated API password: how to update to encryption key

When I replace my password with an encryption key, I get a red X by the encryption line with an error “[encryption] is invalid option for [api]. check the indentation.” Indentation is fine, I cut and pasted from ESPHOME instructions. Any ideas? My version of ESPHOME is 1.15.3

did you add

api:
  encryption:
    key: <the key you use>

Update to a version that isn’t over 2 years old…

:stuck_out_tongue:

ESPHome
Current version: 2022.12.8

That is kind of what I thought, but usually I get a message in the ui interface that there is an update and I don’t see that message. How do I upgrade?

delete the current add-on and re-install.

1 Like

In terms of security, is it okay to reuse the same key for all ESPhome devices? Or should we use a new one for each one?

Well, the whole point of the thing is to have the communication between esp and ha encrypted.

Meaning, without a key, decryption is going to be hard to crack.
Each device having its own key is even harder to crack, as all keys are different…

Having said that… I can raise some questions:

  • Who has access to your local network?
  • Who is willing to put a lot of effort into cracking your keys?
  • Who is interested in switching on and off your esp controlled lights?

But basically….this whole encryption thing is done to satisfy over-paranoid home users.
(And many of these people often don’t have a clue what they are doing or how things work.
Which often makes things even less secure, as things are configured improperly.
I mean, what is the use of putting 20 locks on the front door, but leaving the back door open….
but that is another topic which has not much to do with your question)

So when you know your network is pretty secure, there is no real need to use any encryption at all
I.o.w. just using

api:

is enough, but since it is there, why not use it :thinking:

I myself use one central key (stored in HA’s secrets.yaml), and mainly started using it to get rid of the warning that passwords are deprecated :wink:

4 Likes

Thanks. All squared away and upgraded with the new version 2022.12.8 and encryption keys.

2 Likes

I have no encryption / passwords. More than welcome to read my sensors and watch my rubbish bins.

4 Likes

Hi everyone. After going through this change I started to get the following error in my device’s log

13:49:39 [W] [api.connection:071] 192.168.2.2: Socket operation failed: HANDSHAKESTATE_READ_FAILED errno=11

sometimes I also got this

[api.connection:083] ESPHome Logs 2022.12.8 (192.168.2.2): Connection closed

and no proposal to reconfigure it (as described above) appeared. However, the device status is online and the device itself manageable.

removing from HA and adding it again didn’t take effect

any idea how to fix this error?

Yes, I’ve had same error and reconfigure notice appeared often. Restarting HA and removing/ re-adding devices helped.

Thanks for sharing. Unfortunately it doesn’t work for me. After deleting (including all config\json files in esphome folder), rebooting and reinstalling - same behaviour

I tend to hate this new api encryption key change more by the hour… each time I delete/reinsert my esphome module I have to enter the encryption key. I knew my password and it was quick - while this new key is impossible to know, so each time I have to open “secrets.yaml”…
damn… I’m on the edge of disabling this new option… nothing but problems…

Store your encryption key in the ESPHome secrets file:

encryption_key: "your+ridiculously+long+and+obtuse+key+value+goes+here"

Then update your individual ESPHome YAML configuration files:

api:
  encryption:
    key: !secret encryption_key

1 Like

you’d think it would be that easy, wouldn’t you …

it’s not, especially for existing devices using the API password, ie devices already existing in the HA devices list… I’ve not been successful in getting one of those to work, I even pulled out the integration and put it back, but still no luck being able to reconfigure (within HA) a device changed to the encryption key methodology, I was always prompted for a password not the key…

Just want to say thank you @Troon for your post. I use HA Container and ESPHome in a Docker container - I followed the instructions in the first post to update my existing ESPHome devices that were using API passwords today and it was very straightforward. All working perfectly with the encryption keys now.

1 Like

I do have it stored there, but I’m still asked for a key…
But, perhaps ESPHome 2023.2 is needed…

Indeed. HA is ready to receive the encryption keys auto-magically already but the code in the esphome dashboard will just ship with the next release (2023.02). :rocket:

Also (for now) it only works with HaOS so if one is using supervised, docker or core they will still need to manually enter the key :key:

2 Likes

I am getting the error below when I add an encryption key to my config after upgrading to 2023.2.5; previously it was working well with 2023.1.7. Any help is appreciated.

INFO Reading configuration /config/esphome/officesmartled.yaml...
WARNING The selected Arduino framework version is not the recommended one. If there are connectivity or build issues please remove the manual version.
WARNING The selected Arduino framework version is not the recommended one. If there are connectivity or build issues please remove the manual version.
Failed config

api: [source /config/esphome/officesmartled.yaml:30]
  encryption:  [source /config/esphome/officesmartled.yaml:31]
    
    Encryption key must be base64 and 32 bytes long.
    key: bpoOq5M0meKrCk1gyBcyJ1Nk0whzjCYm [source /config/esphome/officesmartled.yaml:31]

Is it because I am using older version 2.7.4 of ESP framework? I used it because in past this was easy way to fix error with smartLED. My config looks as below:

esphome:
  name: officesmartled

esp8266:
  board: d1_mini
  framework:
    version: 2.7.4

wifi:
  ssid: "********"
  password: "**********"

  # Static manual IP
  manual_ip:
    static_ip: ***.168.0.235
    gateway: ***.168.0.1
    subnet: ***.255.255.0
  # Enable fallback hotspot (captive portal) in case wifi connection fails
  ap:
    ssid: "WemoMiniD1Hotspot"
    password: "test****"

captive_portal:

# Enable logging
logger:

# Enable Home Assistant API
api:
  encryption:
    key: "bpoOq5M0meKrCk1gyBcyJ1Nk0whzjCYm"

ota:
  password: "*****"

light:
  - platform: fastled_clockless
    chipset: WS2812B
    pin: D4
    num_leds: 50
    rgb_order: GRB
    name: "Office SmartLED"
    id: office_ws2812b
    effects:
      - strobe:
      - flicker:
      - addressable_rainbow:
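
The validator message quoted in the post above ("must be base64 and 32 bytes long") refers to the decoded length: a 32-character base64 string such as the one in that config decodes to only 24 bytes, while 32 random bytes encode to 44 characters. The following is an added example, not code from the thread or from ESPHome; the function names and the `porch_sensor` device name are made up. It checks a candidate key and generates fresh ones, one per device:

```python
import base64
import binascii
import secrets

KEY_BYTES = 32  # decoded length the validator message on this page asks for


def check_api_key(value: str) -> tuple[bool, str]:
    """Return (ok, reason) for a candidate api.encryption.key value."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        return False, f"not valid base64: {exc}"
    if len(raw) != KEY_BYTES:
        return False, f"decodes to {len(raw)} bytes, need {KEY_BYTES}"
    return True, "ok"


def new_api_key() -> str:
    """32 random bytes from the OS CSPRNG, base64-encoded (44 characters)."""
    return base64.b64encode(secrets.token_bytes(KEY_BYTES)).decode("ascii")


def keys_for(devices: list[str]) -> dict[str, str]:
    """One independent key per device, suitable for separate secrets entries."""
    return {name: new_api_key() for name in devices}


if __name__ == "__main__":
    posted = "bpoOq5M0meKrCk1gyBcyJ1Nk0whzjCYm"  # key from the failing config above
    print(posted, check_api_key(posted))
    # porch_sensor is a hypothetical second device
    for name, key in keys_for(["officesmartled", "porch_sensor"]).items():
        print(f'{name}_api_key: "{key}"', check_api_key(key))
```

A key that has been posted publicly, like the one in the config above, should be replaced with a newly generated one rather than padded out to the right length.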