Nested secrets

Hi guys,

I’m wondering if it’s possible to have a nested secrets structure? I quickly tried and it seems HA couldn’t handle it.
If not, consider this a feature request :smiley:

What I had in mind is something like the variables in flexget (https://flexget.com/Plugins/variables)
Basically what it boils down to, is having the following structure in the secrets:

http:
  password: blabla
  ssl:
    cert: path/to/cert
    key: path/to/key

Which can then be used like:

http:
  api_password: !secret http.password
  ssl_cert: !secret http.ssl.cert

This of course brings a little extra typing work, but in my opinion it is a lot easier this way to keep track of all the secrets and nicely bundle them together in a structured way. Those not wanting to use this feature can still define them as flat keys and they would still work.

From what I can see you’ve taken what is currently 3 easy lines in the secrets file, and turned them into 5 not so easy lines with the added complication of the references being more obscure.

Perhaps I missed something but I can’t see any advantage to this over the current approach.

Well, at first I had my secrets all named with either all lowercase or camelcase, which was getting hard to read. Even tried using underscores but still wasn’t to my liking.
I am now using the same structure with the dot in the middle, but got them named exactly the same in my secrets file. This way it more closely resembles a JSON structure, which makes a lot of sense for me, seeing as you can more easily group related stuff together.

What you mentioned is true, it does add complexity to the structure. For now the flat dot notations I use are sufficient for me.

I second this as well. I’m used to working with YAML variable files that allow nesting and was surprised that HA could not parse as I was cleaning up my config repo.

I agree. When you are used to working with YAML files, this is the kind of behavior you expect.

Would be awesome as this is the expected behavior when working with YAML files

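Maybe I am missing something - but secrets can have a complex structure.

# secrets.yaml: the secret's value is a whole mapping
some_secret:
  min: 0
  max: 100
  step: 1
  mode: slider
# configuration.yaml: the mapping is substituted where the secret is referenced
input_number:
  some_number: !secret some_secret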

A stupid example but it demonstrates the idea.

I also don’t grok.
I only have one secrets file. The secrets file in ESPHome points to the main secrets file:

# U:\esphome\secrets.yaml
# Use the secrets file in config
!include ../secrets.yaml

I really don’t see any advantage to anything more complex than the current key:secret structure.
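
The lookup requested in the first post, as an added example that is not part of the thread and is not Home Assistant's code: a resolver for dotted `!secret` names over an already-parsed secrets mapping. It assumes an exact flat key (including one that itself contains dots, as in the "flat dot notation" reply) wins over a nested path; `resolve_secret`, `SecretNotFound` and the sample data are hypothetical.

```python
"""Resolve dotted secret names against a parsed secrets mapping (illustrative)."""


class SecretNotFound(KeyError):
    """Raised when a name matches neither a flat key nor a nested path."""


def resolve_secret(secrets, name):
    """Return the secret for `name`.

    Assumed lookup order (not Home Assistant behaviour):
      1. exact flat key, so existing files keep working, including
         flat keys that contain dots such as "mqtt.password";
      2. dotted path walked through nested mappings, where any prefix
         of the remaining path may itself be a dotted flat key.
    """
    found, value = _lookup(secrets, name.split("."))
    if not found:
        # Fail closed and report the name only; never echo secret values.
        raise SecretNotFound(f"secret {name!r} is not defined")
    return value


def _lookup(node, parts):
    if not parts:
        return True, node
    if not isinstance(node, dict):
        return False, None
    # Longest prefix first: the whole remaining name as one flat key wins.
    for i in range(len(parts), 0, -1):
        key = ".".join(parts[:i])
        if key in node:
            found, value = _lookup(node[key], parts[i:])
            if found:
                return True, value
    return False, None


# Constructed sample, equivalent to a secrets.yaml after YAML parsing.
SAMPLE_SECRETS = {
    "http": {"password": "blabla",
             "ssl": {"cert": "path/to/cert", "key": "path/to/key"}},
    "mqtt.password": "flat-dotted",          # flat key that contains a dot
    "some_secret": {"min": 0, "max": 100},   # mapping-valued secret
}

if __name__ == "__main__":
    for ref in ("http.password", "http.ssl.cert", "mqtt.password"):
        print(ref, "->", resolve_secret(SAMPLE_SECRETS, ref))
```

A missing or mistyped reference raises instead of resolving to an empty value, so a typo in a password reference cannot silently leave a component configured without one.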