What do do if this alert doesn’t appear???
Also for one of my devices when I make this change it won’t actually flash the ESP32 as now it goes over the max amount of space… So that one will have to stick with the old password method instead of encryption key…
Just compile and upload an empty config with just minimum config (so it stays small), and then compile/upload a full config 
Thanks for the idea, but then it will still fail when I try to upload the full one afterwards so that doesn’t seem like a solution to me.
Have you tried? Usually the problem is that you need twice as much RAM as the image for an OTA update to fit both new and old at the same time. With an interim minimal config this should get around the problem.
during the compile it does mention the currently used ram, as well as the size of the new bin 
So you should know how much ram you’re short of 
If it is just a couple of bytes short, a minimum config would do the trick😁
Based on your and @Troon 's helpfull tips I gave it a try.
However I still get the same error:
Error: The program size (1895497 bytes) is greater than maximum allowed (1835008 bytes)
*** [checkprogsize] Explicit exit, status 1
RAM: [== ] 18.5% (used 60460 bytes from 327680 bytes)
Flash: [==========] 103.3% (used 1895497 bytes from 1835008 bytes)
I still don’t understand how it could have worked because even if I choose the ‘manual download’ option in ESPHome when generating the firmware it will throw that same error, and using that method it of course has no clue what config I currently have on the device and how much RAM it has available.
I don’t have much expertise on this front so likely it’s me not understanding 
Anyways it was worth a try.
That’s a shame, but we can’t be responsible for your lack of backups.
Removed esphome completely and did a new reinstall, updated all nodes… well removed all api: password mentions, that helped a lot. Took me half a day yippee but got the latest esphome version now.
I tried the encrypted key, but I can not see or find a place to generate a new one, so I tried a bogus one, just a random number character sequence well it worked, but slowed things down among which was compiling the code, uploading and running, so I thought better strip the whole API: thing.
I wonder what is the risk of NOT using encryption at all? Worse it can happen…?
Really? It is in the docs, and the first picture in the first post in this thread.
I guess worst is anyone on your lan can control or read your esp device.
If this is the only “bad” thing… 
If some uninivted person will be in my local network then ESP modules are at very bottom of my concern…
I have web page disabled on all my esp’s (so noone can connect to them via browser), but if i understand correct api is only used for connecting to HA… right?
Only saw a key there, already generated, when clicking the other things I was not taken to a place to generate another key. I know must be my fault, so I took the key printed there and well exchanged characters, problem solved in a way.
I understand all the safeties installed for a lot of users though, who like to access HA from outdoors, but I run my own version fully locally, and no internet access or anything.
So as Protoncek is also mentioning what is the biggest risk.
Each time you reload that docs page it generates a new unique key.
I think @Protoncek is right, it is a fairly low risk, but we should all use encryption where we can imho.
Yes the API is used to connect to HA. It has also been implemented in at least one other home automation platform. Can’t remember which one.
I don’t use any passwords or API keys and I can live with that. I never had a problem. 
When I replace my password with an encryption key, I get a red X by the encryption line with an error “[encryption] is invalid option for [api]. check the indentation.” Indentation is fine, I cut and pasted from ESPHOME instructions. Any ideas? My version of ESPHOME is 1.15.3
did you add
api:
encryption:
key: <the key you use>
Update to a version that isn’t over 2 years old…
ESPHome
Current version: 2022.12.8
