ESPHome encryption key is invalid


I’m trying to install an ESP32 and when I try to configure it in Home Assistant I always get this:

I have tried multiple keys generated from here: Native API Component — ESPHome
I have tried creating a password, I also tried to disable the encryption, commenting the api section but I always get asked for the encryption key but it’s always invalid.

Right now, the start section of my code looks like this:

esphome:
  name: sensores

esp32:
  board: esp32dev
  framework:
    type: arduino

# Enable logging
logger:

# Enable Home Assistant API
api:
  password: !secret api_password
  encryption:
    key: "VEd2HRtV8kO7D1KV26anQctVYdSRW9nda5fCVfxKn94="

What can I do?

What I think is happening is that even when my ESP32 is connecting to Wi-Fi and is getting recognised by Home Assistant at first, in the image you can see that the first sentence is missing something, like the name of the device or something like that.

The Changelog for 2022.5.0 says

API Transport Encryption

API transport encryption is now enabled by default when you create a new device in ESPHome. This will autogenerate a random encryption key in the device YAML file that you will need to retrieve when you attempt to add the device to Home Assistant. Simply remove the encryption key lines from your YAML should you choose to not use encryption.
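
As an added example (not part of the thread and not ESPHome's own code), this check reads the `api:` block of a device YAML and reports whether the encryption key is absent, well-formed or malformed, which rules out a copy-paste or truncation error when Home Assistant reports an invalid key. `extract_api_key` and `check_key` are hypothetical helper names, and the sample YAML is constructed from the first post.

```python
import base64
import binascii
import re

# Constructed sample: the api: block as posted at the top of this thread.
SAMPLE_YAML = """\
api:
  password: !secret api_password
  encryption:
    key: "VEd2HRtV8kO7D1KV26anQctVYdSRW9nda5fCVfxKn94="
"""

KEY_BYTES = 32  # an ESPHome API key is 32 random bytes, base64-encoded


def extract_api_key(yaml_text):
    """Return the active api.encryption.key value, or None if there is none.

    Hypothetical line-based helper: plain YAML safe loaders reject ESPHome
    tags such as !secret. A key given via !secret is not resolved here.
    """
    in_api, enc_indent = False, None
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # commented-out lines become empty
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:
            in_api, enc_indent = line.startswith("api:"), None
        elif in_api and line.strip() == "encryption:":
            enc_indent = indent
        elif enc_indent is not None and indent > enc_indent:
            m = re.match(r"""\s*key:\s*["']?([^"'\s]+)["']?\s*$""", line)
            if m:
                return m.group(1)
        else:
            enc_indent = None  # left the encryption: block
    return None


def check_key(key):
    """Classify a key string as 'none', 'valid' or 'malformed: <reason>'."""
    if key is None:
        return "none"  # no key line: this YAML builds firmware without encryption
    try:
        raw = base64.b64decode(key, validate=True)
    except (binascii.Error, ValueError):  # bad alphabet, padding or non-ASCII
        return "malformed: not valid base64"
    if len(raw) != KEY_BYTES:
        return f"malformed: decodes to {len(raw)} bytes, expected {KEY_BYTES}"
    return "valid"
```

A result of `valid` means the key text itself is fine, so a remaining mismatch lies between what was flashed and what Home Assistant was given.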

I read that, that’s why I try commenting that part but it doesn’t seem to work, I also tried deleting it. In both cases I’m still asked for the encryption key.

I assume you have compiled and uploaded?

Yes, everything looks fine in that area, it even connects to the Wi-Fi and Home Assistant recognizes it.

So is there still a problem?

Yes, it always prints that error of the beginning. With or without the encryption code.

The beginning of what?

Of this topic.

I tried using another board, from a different maker and it works.

Same code (just different autogenerated key) and it works fine.

I am experiencing the exact same issue, but the problem is also within ESPHome Web UI.

The log is displaying the following:

INFO Starting log output from grenier.local using esphome API
WARNING Can’t connect to ESPHome API for grenier.local: Invalid encryption key
INFO Trying to reconnect to grenier.local in the background

Maybe this issue is recent and still not corrected?

PS: I don’t have an extra board to test, so this cannot be solved this way.
PS2: My personal guess is that when an ESPHome device was previously added to your integrations, it will keep previous encryption key in memory and prevent you from adding a newly generated encryption key for that same board with the same name.


I think that your guess is not correct, in my case the first device (I’ll call it D4*) was new, I got it and tried to use with ESPHome directly.

In my case, the device I have connected now with the encryption key was an ESP32 (I’ll call it D1*) that I previously had with ESPHome but changed it to use it with ESPresense while I got the new ESP32 that fails to connect with the encryption key.

I knew, or at least hoped, that if I changed D4 with D1, D1 would work with ESPHome.

Now I have D1 with ESPHome again, and D4 with ESPresense.

TLDR: I had D1 with ESPHome working. I tried with D1 ESPresense, so I bought D4 and configured it with ESP32, but it didn’t work and started this Topic. I solved using D1 again with ESPHome, and D4 with ESPresense.

*D is for Device. D1 is the first ESP32 I got some time ago, D4 is the fourth I have.

I’m having the same exact issue. I deleted an ESP8266 from Home Assistant then reinstalled it over USB and I keep getting the invalid key error. It looks like the ESP remembers the previous key and won’t overwrite it even using USB.

I found a solution to fix the invalid key error when reinstalling an ESP from Home Assistant. Go to and initialize the device from there using the prepare for adoption button. Then go back to Home Assistant, and it should be working again!


I think there are some parts of an esp’s memory that are not changed by normal flashing. I know that they can retain wifi settings when flashing a completely different firmware - I have experienced this.

Maybe the encryption key is being stored in one of those areas.

I think the problem here is a bug in the initialization process in Home Assistant. It looks like it’s using stale files from a previous initialization.

Having the same issue, I’m using the wroom 32 (esp32-s) module

I’m trying to reflash the device

How do I get into pairing mode?

A fatal error occurred: Failed to connect to ESP32-S2: Wrong boot mode detected (0x13)! The chip needs to be in download mode.
For troubleshooting steps visit: Troubleshooting - ESP32 - — latest documentation
INFO Upload with baud rate 460800 failed. Trying again with baud rate 115200.
v3.3.1
Serial port /dev/ttyUSB1
Connecting…
A fatal error occurred: Failed to connect to ESP32-S2: Wrong boot mode detected (0x13)! The chip needs to be in download mode.
For troubleshooting steps visit: Troubleshooting - ESP32 - — latest documentation


I ran into the same problem and resolved it by shortening the name.

It had been
however, once I renamed it to

I think I read someplace that the limit is 25 characters - not sure on this point, but in any case the change worked for me.

Same problem here. I guess when you first initialize and download to the ESP it has an API key.
Home Assistant detects the new ESP device with the API key but you don’t add it.

Then you edit the ESP YAML and delete the API key.
You download again.

Now you try to add it in Home Assistant and then the error will come.

Shortening the name or starting from scratch all help because you start with a new integration.
Just adding it before editing the ESP, or keeping the API key, is a solution.

I have the same problem.

Two D1 minis - the first was programmed with the automatic encryption key and wouldn’t work. I erased the key and tried again and was still asked for the encryption key. The second D1 mini was programmed with the same code but had never had an encryption key… and it worked without problems and could be re-programmed repeatedly without problems. None of the previous ideas allowed the first D1 mini to connect to WiFi.

I then tried the same unit with Arduino using some of the example sketches. It would program ok but wouldn’t connect to the router.

Looking at the Arduino code there are multiple forms of the wifi.begin() function using ssid/password and ssid/keyindex/key. I don’t know the underlying code for ESPHome but assume that there is something similar to the last initialisation form but the simple ssid/password form doesn’t clear down some setting and the device is left in a state where it still expects an encryption key.