How to get the secret value into template?

Hi

I’m currentrly trying to get the value (code pin on keypad) and check if it’s the same than alarm panel where the code pin is into the secret.yaml.

How can I do to get back this value ?

In the same time, how to load the value from trigger ?

This is what I tried but I don’t know what to do for the secrets.code from secrets.yaml file

- alias: "Alarm Centralite Entering Wrong pinCode"
  trigger:
    - platform: mqtt
      topic: zigbee2mqtt/centralite
  condition:
    - condition: template
      value_template: "{{ secrets.code != trigger.payload_json.action_code }}"   =======> here is the main problem
  action:
    - service: mqtt.publish
      data:
        topic: zigbee2mqtt/centralite
        payload: "{\"action\": \"invalid_code\",\"action_code\": \"{{trigger.payload_json.action_code}}\",\"action_zone\": 0,\"action_transaction\": 99}"
    - service: notify.notify_events
      data:
        message: "Attention, mauvais code pin ({{trigger.payload_json.action_code}}) entré sur l'alarme"    ====> here is the syntax, not sure it's allowed.
        data:
          level: 'warning'
          priority: 'high'

Thank you for your help

I don’t think you can use a template to extract a value from secrets file

The contents of the secrets file are used by the YAML processor and not by the Jinja2 interpreter.

When you do this in configuration.yaml

    sender: !secret smtp_email_address

The !secret smtp_email_address is handled by the YAML processor on startup. It looks up smtp_email_address (in the secrets file) and supplies the associated value.

The Jinja2 interpreter has no access to the secrets file.

Alright that confirm what I already read on old threads in 2018.

So @123 what do you suggest about it? Is there any way to have the possibility to compare or know if the passcode is good with the HA alarm?

And from your point of view, my code is it correct with the syntax of trigger in the service notify for example?

Thank you. I’m a little bit confused on the syntax and possibility about to get the alarm code and check it

Like others pointed out, not directly.
If it’s a one-use situation, you can workaround with an input_text entity:

Secrets:
ForYourEyesOnly: this

Config:

input_text:
  secret_pin:
    name: TooManySecret
    initial: !secret ForYourEyesOnly

You can then use input_text.secret_pin in lovelace.
Not my original idea, saw this here a while back

secrets.yaml

code_evaluator: "{{ 123456 != trigger.payload_json.action_code }}"

(where 123456 is your code)

Then your automation’s condition becomes

  condition:
    - condition: template
      value_template: !secret code_evaluator

very nice solution. Sometimes, I’m wondering how you discovered this ?

Really it’s the first time I see it. Thank you

!secret in homeassistant just means ‘replace this with the corresponding entry from secrets.yaml’, so if you want to use something secret you have to replace the whole value.

Ah yes indeed, I didn’t realized that the name could be changed ( I thought that the code_evaluator was a special name for that)

It’s just a variable where instead of use only the pincode as value, you put an evaluated expression.

Anyway, it’s was finally trivial but thanks

@anon43302295 last question around of alarm automation for you

I think in this case I have no choice except create a template sensor and use it after iin my automation but I want enable it and disable it when I’m at home and I leave.

This is my automation but with a sensor that we can read into Lovelace
Is it a wa to avoid it ?

- alias: Enable Alarm Not At Home
  id: dssssqsd34
  trigger:
    - platform: state
      entity_id: person.me
      to: "not_home"
  action:
    service: alarm_control_panel.alarm_arm_away
    data_template:
      entity_id: alarm_control_panel.alarm
      code: "{{ sensor.pincode }}"

- alias: Disable Alarm At Home
  id: dsssssscdgfddsqfsddddfsdfssdfdsdfds9880880989
  trigger:
    - platform: state
      entity_id: person.me
      to: "home"
  action:
    service: alarm_control_panel.alarm_disarm
    data_template:
      entity_id: alarm_control_panel.alarm
      code: "{{ sensor.pincode }}"  ============+> syntax is good ? with `"` ? Is there a differnt way to avoid to display the secret value ?

Thank you

Regards

Your example doesn’t appear to use mf_social’s suggestion. Shouldn’t you be doing something like this:

  action:
    service: alarm_control_panel.alarm_arm_away
    data:
      entity_id: alarm_control_panel.alarm
      code: !secret pincode

where pincode is a key in secrets.yaml containing a template?

BTW, this is an invalid template:

"{{ sensor.pincode }}"

Perhaps you meant to use something like this:

"{{ states('sensor.pincode') }}"

I know it’s not what suggest mf_social but I used it’s solution for my automation where I needed the code as conditions.

I’m not sure to have the possibility to use it for the last automation where you answered.

Maybe I’m still confused yet…

In secret yaml I wrote:

alarmPinCode: "{{ '1234' }}"

and in the alarM;yaml

  ....................................
  action:
    service: alarm_control_panel.alarm_disarm
    data_template:
      entity_id: alarm_control_panel.alarm
      code: !secret alarmPinCode

Is it like that I should do ?

Thank you

BTW: Thanks about the wrong syntax that I did with the sensor

I don’t understand why you have that as a template.

Just do this:

alarmPinCode: '1234'

Afterwards, in your automation, the YAML processor will change this line:

      code: !secret alarmPinCode

to this:

      code: '1234'

Oh alright. Sorry, I see what you mean
I fixed it Thanks

variables: 
  password: !secret pincode

condition:
  - condition: template
      value_template: "{{ password=='abc' }}"