Trying to sanitize configuration.yaml and have a question about !secret replacement

How would I take the following username and password out and replace it with a !secret value? It should take 4 entries in the secrets.yaml file.

command_on: echo 'sudo docker exec addon_40817795_nut upscmd -u AAAA -p BBBB,sa drups test.battery.start.deep' | sshpass -p XXXXXXX ssh [email protected]

Thanks Matt

command_on: !secret my_secret_command

Then put the whole

echo 'sudo docker exec addon_40817795_nut upscmd -u AAAA -p BBBB,sa drups test.battery.start.deep' | sshpass -p XXXXXXX ssh [email protected]

in the secret.

command_on: echo 'sudo docker exec addon_40817795_nut upscmd -u AAAA -p BBBB,sa drups test.battery.start.deep' | sshpass -p XXXXXXX ssh [email protected]

The above can be changed to

command_on: !secret command_on

In your secrets.yaml file you would put

command_on: "echo 'sudo docker exec addon_40817795_nut upscmd -u AAAA -p BBBB,sa drups test.battery.start.deep' | sshpass -p XXXXXXX ssh [email protected]"

Note the use of double quotes vs single to avoid conflict with the single quotes in the command.

1 Like

I did not realize this would work. Anyway to leave the command and just parse the usernames and passwords?

I have a fairly large install and thought I would post it to github to maybe help others that could learn something from my mess. That set of commands was not something I would have found without help from the awesome forum. I am / was a total docker newb and want to give back a little to this project as I have been running Hassio for years, just on a pi.

Unfortunately not, unless whatever integration you are using supports separate key: value pairs for authentication. e.g. consider a restful command instead of a shell command if possible

Secrets can only be applied to the whole part of the value in a key: value pair.

Thanks Tom, I will test this asap and close the thread when it works!

Add a comment in your config file. I did this in the past for something where i needed to hide the majority of a line in a secret.

https://github.com/SilvrrGIT/HomeAssistant/blob/bfb1a0995ee8832f13d2d9fe596f2b8e3a1dbb75/sensors/addons.yaml#L12

Now we are at this… can I make files containg other codes by creating the files…

ex: !octoprint
!camera

so my config file will be easy to navigate?

You probably should start a new thread as your query doesn’t really relate to the secrets file, but this should help.