ESPHome Using Secrets with Substitution

EmnaX · December 13, 2021, 2:13am

Hello!

I recently updated Home Assistant to 2021.12.0 and ESPHome to 2021.12.0. Prior to the update, my yaml files for a NodeMCU would compile fine with substitutions used in a variable name for a secret. After the update, I get an error. My system also crashed during the update and I had to restore from a backup so it’s possible something else is going on here. Anyway, anyone else using substitutions in secret names successfully??

My NodeMCU yaml file (frame-b-status.yaml):

# This is a NodeMCU used to monitor the program run status for Frame B.

substitutions:
  # Variables
  frame: 'Frame B'
  frame_strict: 'frame-b' # must be [a-z] [0-9] or - or _

########################
## Unique Node Config ##
########################

# Enable Home Assistant API
api:
  password: !secret ${frame_strict}_api-ota_password

ota:
  password: !secret ${frame_strict}_api-ota_password

wifi:
  # Enable fallback hotspot (captive portal) in case wifi connection fails
  ap:
    password: !secret ${frame_strict}_fallback_hotspot_password

########################
## Common Node Config ##
########################

<<: !include common_config-V1-3.yaml
# Note, I haven't shown the contents of the common config since I don't
# think it is relevant. I can certainly add it if necessary.

My secrets.yaml file:

# All the passwords for my ESPHome devices

wifi_ssid_password: "monkey"

frame-b_api-ota_password: "monkey2"
frame-b_fallback_hotspot_password: "monkey3"

And the error I’m getting:

INFO Reading configuration /config/esphome/frame-b-status.yaml...
ERROR Error while reading config: Invalid YAML syntax:

Secret '${frame_strict}_api-ota_password' not defined
  in "/config/esphome/frame-b-status.yaml", line 14, column 13:
      password: !secret ${frame_strict}_api-ot ... 
                ^

So it seems like the variable ${frame_strict} isn’t getting replaced with the value frame-b before the search for the secret name takes place.

The thing is, this compiled fine yesterday and I have the code running on a NodeMCU… could this be a bug in the ESPHome 2021.12.0 release?

gfra · January 22, 2022, 5:38pm

Hi, I’m running into the same issue, can confirm that I get the same error in v2022.1.1, did you find any solution?

EmnaX · January 22, 2022, 9:11pm

Unfortunately not. It wasn’t too big a deal for me though. I was planning on using unique passwords for the series of devices but instead I’m just using the same password for each device now.

gfra · January 23, 2022, 12:34pm

It looks like it is not possible by design, see link. I ended up having a secret file for each device.

github.com/esphome/issues

Substitutions and secrets conflicts

opened 03:47PM - 26 Jun 19 UTC

closed 07:33PM - 26 Jun 19 UTC

SH-Solutions

integration: substitutions

**Operating environment/Installation (Hass.io/Docker/pip/etc.):**  **ESP8266 Wemos D1 mini R2 Board**  **Affected component:**  substitutions **Description of problem:** Its not possible to use "substitutions" together with the "! secret xxx" feature if the required secret contains a "$" sign. And maybe also with "-" (dash) sign? **Problem-relevant YAML-configuration entries:** ```yaml PASTE YAML FILE HERE ``` **Logs (if applicable):**  ``` INFO Reading configuration... WARNING Found '$mySecret' (see substitutions->ota_password) which looks like a substitution, but 'mySecret' was not declared WARNING Found 'my$Se-cret' (see mqtt->password) which looks like a substitution, but 'Se' was not declared Failed config ``` **Additional information and things you've tried:**

EmnaX · January 24, 2022, 1:26am

Oh that’s a good idea. I may switch things around to use a unique secrets file for each device. Thanks!

Also, good find on the GitHub issue. I had searched for one but didn’t fine one.