For those interested, this is what I ended doing.
I used a simple app-daemn service which takes the secrets as input parameters and outputs the token to a dummy sensor that I can later read.
The advantage of this is that I only need to define a new appdaemon app where I can actually use !secret password, so I can keep things clean and tidy.
Here are the actual files:
in apps.yaml:
get_token:
module: get_token
class: GetToken
user: !secret reolink_user
password: !secret reolink_password
url: http://192.168.0.121/cgi-bin/api.cgi?cmd=Login&token=nul
the module named get_token.py:
import appdaemon.plugins.hass.hassapi as hass
import requests
class GetToken(hass.Hass):
def initialize(self):
self.run_every(self.fetch_token, self.datetime(), 3600)
def fetch_token(self, kwargs):
user = self.args["user"]
password = self.args["password"]
login_url = self.args["url"]
params = [{"cmd":"Login","action":0,"param":{"User":{"userName": user,"password": password }}}]
request = requests.post(url = login_url, json=params)
token = request.json()[0]["value"]["Token"]["name"]
self.log("fetch token result: {}".format(request.status_code))
self.set_state("sensor.reolink_token",state=token)
Then I just use the result like this in a script:
"camera_to_hall":
alias: Camera to hall
sequence:
- service: rest_command.reolink_ptz
data:
ptz_id: 5
data_template:
token: {{ states('sensor.reolink_token.state') }}
Thanks to everybody that tried to help me.