I have added a component to my config that uses !secret to import sensitive values and it is working fine locally where I have my secrets.yaml file.
Naturally I don’t want to include this data in my git repo, however this is causing my GitLab CI to fail with “secret not defined”
$ hass --script check_config -c .
INFO:homeassistant.util.package:Attempting install of colorlog==4.0.2
Testing configuration at /builds/[username]/hass-config/.
- Error loading /builds/[username]/hass-config/./configuration.yaml: Secret something_sensitive not defined
Successful config (partial)
ERROR: Job failed: exit code 1
Is there an additional flag I can pass to the config check script or some low maintenance way of handling this situation?
You create a redacted version of your secrets.yaml and upload it to your repo, then get your ci script to rename the redacted one to secrets.yaml before processing the config check.
See my repo for a working example.
That seems about as straightforward as possible, thanks
I have been looking on your github, I cant find the solution how to fix the secrets file.
I have same issue as OP.
- hass --script check_config -c .
I don’t know what ci that’s for, but at a guess try something like
mv redacted_secrets.yaml secrets.yaml
hass --script check_config -c .
I’m using gitlab, it’s my first auto CI tool
So I should create a dummy secrets file and replace it with a real one?
In my repository I have
mv not_secrets.yaml secrets.yaml in my CI
Not exactly. You create a dummy secrets file, and then tell your ci to rename it to secrets.yaml before it runs the config check.
but the local real secrets files remains unchanged and is included in the .gitignore file?
Yes, the real secrets file never goes to your git server because it is in gitignore, so you don’t have a secrets.yaml there. When the CI runs it renames the fake one to secrets.yaml so now you do have one and the config checker can do it’s thing.
Look at my repo, the CI script is in .circleci and the fake secrets is in .bin/github_resources