Configured credstash but still insists on secrets.yaml

Hi all.
I’m new here and still getting my head around/being delighted by Hass.

I’ve set up credstash as an alternative to secrets.yaml. It works, I can create, retrieve, list and delete passwords using AWS.
However, the config still insists that secrets.yaml is used. I don’t see how to tell it to use AWS instead.
Any help or clarification gratefully received.

Hello

Did you solve it?

Claudio

Hi,

Some of my platforms now work with credstash; some still insist on secrets.yaml.
My platforms which work with credstash are nest, lutron and dark_sky.
Those that don’t work for me are google_API, somfy and withings.

Peter

I solved it: you need to create an empty secrets.yaml.
This is not clear in the docs.

Alas, that doesn’t work for me. Home Assistant fails to load, complaining that it can’t find google_API in secrets.yaml, though it exists in a credstash list. It behaves similarly if I omit the somfy or withings credentials from secrets.yaml.

Did you see how I solved it?
If you do the test of the configuration, do you see that the AWS db is loaded?

Hi @claudioala80, I tried that but it didn’t work for me.

Finally I have solved it, at least for my configuration. I now have no secrets.yaml file.

My setup is Home Assistant Core in a Python virtual environment set up exactly as described in https://www.home-assistant.io/docs/installation/raspberry-pi.

If I run ‘credstash list’, I see all my secrets. I can run ‘credstash get ’ and it returns the correct value.

I then looked at the way in which Home Assistant retrieves the values.

This led me to /srv/homeassistant/lib/python3.7/site-packages/homeassistant/util/yaml/loader.py.

This script imports a module called credstash then gets the value with a call to ‘credstash.getSecret(node.value, table=_SECRET_NAMESPACE)’.

_SECRET_NAMESPACE is resolved in const.py in the same directory. In my setup, const.py hard codes _SECRET_NAMESPACE as “homeassistant”.

This means that Home Assistant was looking in a DynamoDB table called “homeassistant” whereas I must somehow have changed my default to some other table.

A bit of googling showed that credstash can be called with a table name. If I used ‘credstash -t “homeassistant” list’, only those secrets which worked were listed.

So I deleted all the secrets in my default table (‘credstash delete ’) and added them to the “homeassistant” table (‘credstash -t “homeassistant” put ’).

I hope that helps someone.
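
The table mismatch diagnosed in the post above can be checked before restarting Home Assistant. This is an added example, not part of the original posts and not Home Assistant's own code: it lists every `!secret` reference in a configuration file and reports whether the name is in the "homeassistant" table, only in another table, or nowhere. The function names and all sample data are assumptions constructed for illustration.

```python
import re

HA_TABLE = "homeassistant"   # table name the post found hard-coded in const.py
SECRET_REF = re.compile(r"!secret\s+([\w.\-]+)")

def referenced_secrets(yaml_text):
    """Names used as `!secret <name>`, skipping commented-out text."""
    names = set()
    for line in yaml_text.splitlines():
        names.update(SECRET_REF.findall(line.split("#", 1)[0]))
    return names

def table_names(table):
    """Live lookup of the secret names in one DynamoDB table (needs AWS access)."""
    import credstash  # imported here so the offline demo runs without it
    return {item["name"] for item in credstash.listSecrets(table=table)}

def audit(yaml_text, ha_names, other_names):
    """Sort each referenced secret by where it can be found."""
    refs = referenced_secrets(yaml_text)
    return {
        "resolvable": sorted(refs & ha_names),                   # found in HA_TABLE
        "wrong_table": sorted((refs - ha_names) & other_names),  # stored elsewhere
        "missing": sorted(refs - ha_names - other_names),        # stored nowhere
    }

# Constructed sample data: a config fragment and two table listings.
SAMPLE_CONFIG = """\
nest:
  client_id: !secret nest_client_id
weather:
  - platform: darksky
    api_key: !secret dark_sky_key   # inline comment
somfy:
  client_secret: !secret somfy_secret
withings:
  # client_id: !secret old_withings_id
  client_id: !secret withings_id
"""
SAMPLE_HA = {"nest_client_id", "dark_sky_key"}
SAMPLE_OTHER = {"somfy_secret", "unused_key"}

if __name__ == "__main__":
    for status, names in audit(SAMPLE_CONFIG, SAMPLE_HA, SAMPLE_OTHER).items():
        print(f"{status:12} {', '.join(names) or '-'}")
```

For a live check, pass `table_names(HA_TABLE)` and `table_names("credential-store")` (credstash's default table name) in place of the sample sets. Anything reported as `wrong_table` is a secret Home Assistant cannot resolve from credstash.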