Iframe won't accept/see !secret

Hi,

using an iframe card to embed windy cards, like this:

  - type: iframe
    title: Rain
    aspect_ratio: 100%
    url: >
      https://embed.windy.com/embed2.html?lat=lat&lon=lon
      &zoom=5&level=surface&overlay=rain&menu=&message=true&marker=&calendar=
      &pressure=&type=map&location=coordinates&detail=true&detailLat=lat&detailLon=lon
      &metricWind=default&metricTemp=default&radarRange=-1


shows fine. Since these urls contain the lat/lon, I’d like to move the full url to secrets.yaml and simply config like:

  - type: iframe
    title: Rain
    aspect_ratio: 100%
    url: !secret windy_rain

which errors out saying 54 which of course it is…

how are you defining it in your secrets?

tried various options, lastly:

windy_rain: >
  https://embed.windy.com/embed2.html?lat=lat&lon=lon
  &zoom=5&level=surface&overlay=rain&menu=&message=true&marker=&calendar=
  &pressure=&type=map&location=coordinates&detail=true&detailLat=lat&detailLon=lon
  &metricWind=default&metricTemp=default&radarRange=-1

tried it with all on 1 line also, didn’t work

quotes should work oneline or not.

windy_rain: "https://embed.windy.com/embed2.html?lat=lat&lon=lon
  &zoom=5&level=surface&overlay=rain&menu=&message=true&marker=&calendar=
  &pressure=&type=map&location=coordinates&detail=true&detailLat=lat&detailLon=lon
  &metricWind=default&metricTemp=default&radarRange=-1"

will try, thanks.
its just that this works fine

bing_locatie_name: >
  https://dev.virtualearth.net/REST/v1/Imagery/Map/Road/
  {{ state_attr('device_tracker.life360_name','latitude') }},
  {{ state_attr('device_tracker.life360_name','longitude') }}/14?mapSize=500,500&pp=
  {{ state_attr('device_tracker.life360_name','latitude') }},
  {{ state_attr('device_tracker.life360_name','longitude') }};54;
  &key=longkey

for a camera image

well what do you know.
Had another issue with the !secret for the dark sky sensors, also newly added to secrets file. Rendered the same issue while all other (older ones) where loading fine.

Gave it a hard refresh/cache clear in the browser (not the three dots top left refresh) et voila, the Darksky sensor is live and the 3 windy iframes I had configured.

Don’t really understand that because the secrets have nothing to do with page refreshing do they? all backend in this case I would have thought.

so, more than 1 way to use the longer lines in secrets.
1 thing to take into account with these urls is the & sign should not end the line, but start a new line. Otherwise the url is broken, no matter the multiline notation or quotes

Not sure, it’s possible that lovelace will refresh the secrets file. I haven’t dug that far into it.

In my case I am using “window.location.hostname” to resolve host from the client browser in order to have it working with internal and external HA url. The only thing is, I do not know how to use secret in my case.

Here is my code but it is not working, it is complaining about Unexpected token ‘!’.
Workaround is to use config-template-card and “states[‘input_select.password’].state” but I would like to use secret everywhere if possible.

type: custom:config-template-card
entities:
  - input_select.password
card:
  type: iframe
  style: |
    #root {
      height: calc(100vh - 48.5px);
      padding-top: 0 !important;
    }
  url: >-
    ${'http://'+window.location.hostname+':20530/sysmanager.php?username=amilino&password='+secret! password}

This is alternative that works, but not what I want in the end.

  url: >-
    ${'http://'+window.location.hostname+':20530/sysmanager.php?username=amilino&password='+states['input_select.password'].state}

Ever found a solution to this secret conundrum?

I used input.select on the iframe page:

url: >-
    ${'http://'+window.location.hostname+':20530/sysmanager.php?username=amilino&password='+states['input_select.1nuc_root_password'].state}

and input select configuration:

1nuc_root_password:
  name: Password
  options:
    - !secret 1nuc_root_password
  icon: mdi:account-key