I have added a component to my config that uses !secret to import sensitive values and it is working fine locally where I have my secrets.yaml file.
Naturally I don’t want to include this data in my git repo, however this is causing my GitLab CI to fail with “secret not defined”
$ hass --script check_config -c .
INFO:homeassistant.util.package:Attempting install of colorlog==4.0.2
Testing configuration at /builds/[username]/hass-config/.
Failed config
General Errors:
- Error loading /builds/[username]/hass-config/./configuration.yaml: Secret something_sensitive not defined
Successful config (partial)
ERROR: Job failed: exit code 1
Is there an additional flag I can pass to the config check script or some low maintenance way of handling this situation?
You create a redacted version of your secrets.yaml and upload it to your repo, then get your ci script to rename the redacted one to secrets.yaml before processing the config check.
Yes, the real secrets file never goes to your git server because it is in gitignore, so you don’t have a secrets.yaml there. When the CI runs it renames the fake one to secrets.yaml so now you do have one and the config checker can do it’s thing.
Look at my repo, the CI script is in .circleci and the fake secrets is in .bin/github_resources