HA is not reading from secrets file

ejbrownie · March 11, 2025, 1:43am

I am working to add Amazon Polly to my HA setup. If I enter the API key information directly into my tts config entries, it works just fine. If I try to use secrets values, it states it cannot read from the secrets file. I have confirmed secrets.yaml is in the correct path /config/secrets.yaml. Here is my tts setup:

tts:
  - platform: amazon_polly
    aws_access_key_id: !secret aws_access_key_id
    aws_secret_access_key: !secret aws_secret_access_key
    region_name: "us-east-1"
    text_type: ssml

Here are my values in secrets.yaml (redacted)

aws_access_key_id: KIBREDACTED
aws_secret_access_key: rgredacted

What can I look at next to figure out why HA isn’t getting the values from secrets.yaml?

tom_l · March 11, 2025, 1:53am

Did you restart HA after adding the secrets?

ejbrownie · March 11, 2025, 1:58am

Yes I did.

michaelblight · March 11, 2025, 4:06am

Could there be invalid YAML in your secrets file? If this was the case you’d probably expect something in the logs - anything there?

ejbrownie · March 11, 2025, 4:20am

I don’t see anything in the logs regarding secrets. I followed a guide to looked for abnormal characters in the secrets file and to make sure it had the right permissions and it seems to.

WallyR · March 11, 2025, 4:32am

The right path is probably config/esphome/secrets,yaml, but this sounds like you are editing the file directly and not just using the “secret” menu option in ESPHome builder.

stevemann · March 11, 2025, 4:42am

ESPHome uses a different secrets file from Home Assistant.

This is the contents of my secrets file in /config\esphome/secrets.yaml

# Use the secrets file in config
!include ../secrets.yaml

This way I only have one secrets.yaml file

tom_l · March 11, 2025, 5:04am

Is this an ESPHome thing though?

Nothing they have said indicates this is the case and it is not in the ESPHome category.

This core integration is what I thought they were talking about:

WallyR · March 11, 2025, 5:23am

Ohh, for some reason I never thought that HA itself can have a secrets file too, so I just assumed.
It makes sense though, so just me not thinking logical.

tom_l · March 11, 2025, 5:24am

It had secrets long before esphome was even a thing.

WallyR · March 11, 2025, 5:26am

yeah probably, but I first hit the thing with ESPHome and never went the extra step.
It makes sense though.

ejbrownie · March 11, 2025, 3:08pm

Should I try removing the old secrets file and creating a new one? If so, what is the procedure for that?

fleskefjes · March 11, 2025, 3:23pm

You could rename the current file to something else and create a new.

ejbrownie · March 11, 2025, 4:01pm

Ok, here’s what I’ve done to test.

I created a sensor to pull the secret values from the secrets file to confirm if it’s really a secrets issue.

- sensor:
      - name: Polly Key
        state: !secret aws_access_key_id
  - sensor:
      - name: Polly Access
        state: !secret aws_secret_access_key

As you can see here, it is pulling the values meaning it’s not a secrets file issue:

So then I move the tts platform to it’s own tts.yaml file and did an include in the configuration.yaml.

tts: !include tts.yaml

These changes made no difference. Amazon Polly still wouldn’t load.

I tired adding a quote around the secret keys based on another post I read.

aws_access_key_id: "!secret aws_access_key_id"
aws_secret_access_key: "!secret aws_secret_access_key"

That didn’t work either.

It appears that the only way to get the Amazon Polly integration to work is to put the keys right into the tts configuration. Should this be reported as a “bug”?