Make secrets available in templating engine

+1 I would like this also.

I am trying to set an automation with a required password from the UI.
So I wanted to do the following but it doesn’t work.

    condition:
        - condition: template
          value_template: "{{ states.input_text.action_password.state != !secret action_password }}"

One issue with this is that hidden text_input components still show up in the states panel. So the password is revealed in plain text through the UI.

Maybe you could clear the password straight after using it? Would limit the time it is visible but I get your problem. One way around that if you are that worried would be to use a python or bash script. Call that with the shell_command component and write it to a text file. To use it use a python script to trigger whatever you want within home assistant using the input from that text file. Or go the AppDaemon route. That would probably be easier if you already have AppDaemon running.

~Cheers

I would love to see this, as putting the WHOLE template into the secrets file is messy and makes code reuse useless. It also hides the actual code function!

E.G.
What we want (Note, not working):

    camera:
      - platform: generic
        still_image_url: >
         {% if is_state('binary_sensor.image_2_source_online', 'on') %}
           !secret image_url_2
         {% else %}
           https://localhost/local/blank_display.jpg
         {% endif %}

The only way to make it work!

    camera:
      - platform: generic
        still_image_url: !secret image_url_1_template

secrets.yaml

    image_url_2_template: '{% if is_state("binary_sensor.image_1_source_online", "on") %} http://xxx.xxx.xxx.xxx/picture/2/current/?_username=admin&_signature=clashhuhwhe8ufiohdiijjsi9sjmisji {% else %} https://localhost/local/blank_display.jpg {% endif %}'
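Added example, not part of any post in this thread and not Home Assistant code: YAML applies `!secret` only when the tag is the first token of a value, so inside a quoted string or a block scalar it reaches the template engine as literal text. This line-based heuristic (the function name and the sample config are constructed for illustration) flags those placements in a config file.

```python
import re

# `!secret` is resolved only when it is the first token of a value.
TAG_AT_VALUE_START = re.compile(
    r"^\s*(?:-\s+)?(?:[\w.-]+\s*:\s+)?!secret\s+\S+\s*(?:#.*)?$")
# A key whose value is a block scalar: `key: >`, `key: |-`, ...
BLOCK_SCALAR_START = re.compile(r":\s*[|>][+-]?\d*\s*(?:#.*)?$")

# Constructed sample built from the snippets posted in this thread.
SAMPLE = '''\
condition:
  - condition: template
    value_template: "{{ states.input_text.action_password.state != !secret action_password }}"
camera:
  - platform: generic
    still_image_url: >
      {% if is_state('binary_sensor.image_2_source_online', 'on') %}
        !secret image_url_2
      {% endif %}
  - platform: generic
    still_image_url: !secret image_url_1_template
'''


def find_unresolved_secret_tags(yaml_text):
    """Return (line_no, reason, text) for each `!secret` YAML leaves as plain text."""
    findings = []
    block_indent = None  # indent of the key that opened a block scalar
    for number, raw in enumerate(yaml_text.splitlines(), start=1):
        text = raw.strip()
        if not text:
            continue
        indent = len(raw) - len(raw.lstrip())
        if block_indent is not None and indent > block_indent:
            if "!secret" in text:
                findings.append((number, "inside block scalar", text))
            continue
        block_indent = None  # a dedent ends any open block scalar
        if text.startswith("#"):
            continue
        if BLOCK_SCALAR_START.search(text):
            block_indent = indent
        elif "!secret" in text and not TAG_AT_VALUE_START.match(text):
            findings.append((number, "embedded in scalar", text))
    return findings


if __name__ == "__main__":
    for number, reason, text in find_unresolved_secret_tags(SAMPLE):
        print(f"line {number}: !secret {reason}: {text}")
```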

I did not know you could do this. But still yeah…we are probably not getting secrets in the templating engine as it was up for debate already and decided against it.

~Cheers

Sucks, what’s the alternative? Throwing templates into secrets?

Only way I see it working for now, yes. Or using AppDaemon with a separate secrets file maybe…but that would be overkill imho.

~Cheers

With the new template alarm panel, this feature would also be really useful!

I would love to understand what the motivations behind this decision are. I don’t understand the security concerns.

I have to add that the workaround with template sensor is not universal, here is an example:
I often have some parameters as secrets and use them to init my components on HA start.
If I need to use it not in a template, !secret my_secret always does the job.
On the other hand, if I create a template sensor to access the secret in another template sensor, on HA startup there is no guarantee that secret template already exists so I will get unknown instead of my_secret.

By not giving us a way to access constants in both templates and normal automations HA makes its use unnecessarily complicated and simply limits our abilities. Pretty sad that there is still no solution to that.


Yes, completely agree.
I want to add that I think that having to store a secret on a template input is even less secure, because it is not treated as a secret anymore. It is just another device and for that reason it appears on the dashboards, gets registered on the logs and even appears on the historic register, so you can see a history of all the secrets that have been on that input.


You sir are an absolute God. There was no way I could have a secret inside my jinja2 code and I really needed it. Following your advice I put the whole logic of deciding on the secret, into a new secret and then passed that secret to the configuration!

Worked to perfection!

Not sure if this has been said, but if you use non-front-end script YAML, secrets work just fine.

    # /config/configuration.yaml
    ...
    script: !include_dir_merge_named configuration/scripts/ # Load any .yaml in this dir
    ...

    # /config/configuration/scripts/_scripts.yaml
    !include ../../scripts.yaml # Lets us keep the front-end scripts.yaml working
    ...

    # /config/configuration/scripts/back_end_scripts.yaml
    set_layout_redtail:
      alias: Set Layout PC
      sequence:
      - service: script.turn_on
        target:
          entity_id: script.layout_windows
        data:
          variables:
            username: !secret redtail_user
            ip: !secret redtail_ip
            layout: '{{ states("input_select.screen_layout_redtail") }}'
      mode: single
      icon: mdi:monitor-multiple