HI,
Never noticed this before, but today when checking the configuration in the terminal by typing hassio ha check it errored out with all passwords and other info read from secrets.yaml.
This must be a bug…?
Anyone else seen this?
Yes it does that but it’s only local…
That’s good to know… but how can we be sure?
still, I do believe I’ve never seen it before, is this new?
I don’t think so. I noticed it last week only because I was looking in the log for the addon and saw my user name and password.
How can you be sure of ‘what’? I don’t see any problem with it doing this… secrets is really only/most useful if you are sharing a configuration or settings… I suppose you would need to be vigilant if you were posting the addon log though…
no, I mean this is in the regular error log, and has nothing to do with an addon, I simply made a typo in a value_template…
Testing configuration at /config
Failed config
automation:
- Invalid config for [automation]: [condition] is an invalid option for [automation]. Check: automation->action->1->condition. (See /config/configuration.yaml, line 94). Please check the docs at https://home-assistant.io/components/automation/
I always check the log after each change and before each restart… both in the terminal and in the HA configuration page.
pretty sure this wasn’t there before, and, it shouldn’t be really. Makes it even more of a hassle to share the error logs when posting on the community.
I don’t see any secret there…
I have had to do a search and replace on my duckdns domain before posting etc…
lol, no this was to show you what the log errored out about, and it not being an addon log… the secrets are below ;-(
the domain isn’t in there, but several passwords, ip addresses, the lat/longs of still camera’s, login’s etc etc.
Hahahaha - I’ve never seen that kind of thing in the normal log…
exactly. well you could test it, make a mistake in an automation template, and try hassio ha check…
If it’s only in the output of that command in ssh it doesn’t sound like a problem…
true, but as said, how can we be sure? Since this is apparently a new feature (forgive me if I havent read all release notes if not), it might well be changed in other places too.
Do like the new [source] in the same log, makes it easier to debug. Secrets should be hidden by default imho.
I don’t understand your concern…
maybe its mostly this, the fact that secrets aren’t secrets at all… I think we new that already, since there’s a lot of discussion on the secrets, and whether or not they should be encrypted etc etc.
Secrets.yaml in fact is nothing more than a separate file to store the sensitive personal info in you don’t want to share directly in your configuration files when posting on the community/github.
By showing all that info now in the log, even that has become more difficult and more of an effort. Of which we don’t already have enough… 
so, depending on one’s perspective, it’s either not important, or an inconsistent step in the development of a true secure home-automation system, in which gladly so much effort has been invested lately.
I guess where this could actually be a privacy issue is when having multiple users. Any user can see the log and if an error was to come through with a password etc, then that user (whom you may not want to have that info) could see it. As far as I know HA doesn’t have different user permission levels just yet so any user could get though to the same settings / config as yourself, but I imagine this is due to change in the near future, allowing us to have restricted users, and in that case we wouldn’t wont those people seeing a log full of secrets
Do you mean check config from the configuration - general menu and then the secrets appear in the home-assistant.log?
yes, that’s what i did, or the hassio ha check. both do the same? I always have the logfile open in my console…
I just checked but I’m not seeing any secrets in the log.
you have to create an error first 
I did as I’m very good at that
Did you set a specific log level?
not really, i think:
# https://home-assistant.io/components/logger/
# Possible log severities: critical, fatal, error, warning, warn, info, debug, notset
default: error
logs:
ayncio: debug
# homeassistant.components.device_tracker: warn
# homeassistant.components.mqtt: warn
# homeassistant.components.device_tracker.mqtt: info
# homeassistant.components.logbook: warn
# homeassistant.components.logger: warn
# homeassistant.components.hassio: debug
# homeassistant.components.weather: warn
# homeassistant.components.recorder: info
# homeassistant.components.python_script: warn
# homeassistant.components.script: debug
# homeassistant.components.nmap_tracker: error
# homeassistant.helpers.entity: critical
homeassistant.setup: info
# homeassistant.core: info
# homeassistant.helpers.condition: critical
# homeassistant.config.automation: debug
# homeassistant.components.websocket_api: warn
# homeassistant.components.switch: info
# homeassistant.components.binary_sensor.mqtt: debug
# py.warnings: critical
# homeassistant.components.hue: debug
# homeassistant.components.sensor.statistics: debug
# custom_components.custom_updater: debug
# custom_components.sensor.places: debug
# homeassistant.components.light.hue: debug