Use secrets from secrets.yaml in node red flow?

flecmart · February 3, 2020, 12:44pm

Hi all,

i am evaluating node red as my new automation brain for home assistant. Is it possible to use secrets with node-red?

Thanks,
Martin

serkank · February 3, 2020, 3:23pm

I am not sure you can use secrets.yaml file inside node-red.
What is your need? not for the ‘secrecy’ purposes but node red has this global context for using a value in different flows. it’s handy for changing ip addresses or access codes.
https://nodered.org/docs/user-guide/writing-functions#storing-data

flecmart · February 3, 2020, 4:39pm

I have some automations utilizing secrets from secrets.yaml in the action part (e.g. a code for the alarm). I figured I could just wrap that part in a script and then call that from node red but that feels like a workaround.

I am still unsure which of my automations are worth migrating… At the moment I have the most in yaml, a few complex automations in App Daemon and now starting with node red. I guess all of them have their strengths and weaknesses…

subzero79 · February 3, 2020, 11:55pm

You can read the secrets.yaml transform it into json and then use a function node to set them as flow or global context

[{"id":"faa8d9b.e447228","type":"file in","z":"5ff51b5.61899e4","name":"secrets","filename":"/srv/hass_storage/home/.homeassistant/secrets.yaml","format":"utf8","chunk":false,"sendError":false,"encoding":"none","x":510,"y":420,"wires":[["afaa4271.867b"]]},{"id":"aca5b68f.d6e808","type":"inject","z":"5ff51b5.61899e4","name":"","topic":"","payload":"","payloadType":"date","repeat":"","crontab":"","once":false,"onceDelay":0.1,"x":340,"y":420,"wires":[["faa8d9b.e447228"]]},{"id":"afaa4271.867b","type":"yaml","z":"5ff51b5.61899e4","property":"payload","name":"","x":650,"y":420,"wires":[["5c50d4b5.6ecf7c"]]},{"id":"5c50d4b5.6ecf7c","type":"function","z":"5ff51b5.61899e4","name":"","func":"for (let [key, value] of Object.entries(msg.payload)) {\n  flow.set(key,value);\n}\nreturn msg;","outputs":1,"noerr":0,"x":790,"y":420,"wires":[[]]}]

wuench · February 4, 2020, 12:09am

The node red equivalent of secrets.yml is the Credentials node.

paulstronaut · February 4, 2020, 3:15am

Which must be installed from node-red-contrib-credentials

There is also node-red-contrib-secret

flecmart · February 4, 2020, 6:04am

Thank you all for your suggestions. I can make it work with these

EricE · May 25, 2021, 3:45am

Updated to work on Hass OS; reads secrets.yaml into Node Red global context:

[{"id":"9d7cd8ae.f2fe48","type":"tab","label":"Startup","disabled":false,"info":""},{"id":"24ebb2e2.2f6ffe","type":"file in","z":"9d7cd8ae.f2fe48","name":"Read secrets.yaml","filename":"/config/secrets.yaml","format":"utf8","chunk":false,"sendError":false,"encoding":"none","x":430,"y":100,"wires":[["2c59ff99.2affc"]]},{"id":"2c59ff99.2affc","type":"yaml","z":"9d7cd8ae.f2fe48","property":"payload","name":"Parse yaml","x":630,"y":100,"wires":[["9e7c7d2d.fdeb8","c48e6ced.92e06"]]},{"id":"9e7c7d2d.fdeb8","type":"function","z":"9d7cd8ae.f2fe48","name":"Set global config vars","func":"for (let [key, value] of Object.entries(msg.payload)) {\n  global.set(key,value);\n}\nreturn msg;","outputs":1,"noerr":0,"initialize":"","finalize":"","libs":[],"x":840,"y":100,"wires":[["7b269044.2e33"]]},{"id":"c48e6ced.92e06","type":"debug","z":"9d7cd8ae.f2fe48","name":"yaml","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":790,"y":160,"wires":[]},{"id":"7b269044.2e33","type":"debug","z":"9d7cd8ae.f2fe48","name":"Function","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":1040,"y":100,"wires":[]},{"id":"563db3d3.d3e3ac","type":"server-events","z":"9d7cd8ae.f2fe48","name":"HA Startup","server":"bde4b68e.528848","event_type":"home_assistant_client","exposeToHomeAssistant":false,"haConfig":[{"property":"name","value":""},{"property":"icon","value":""}],"waitForRunning":true,"x":100,"y":100,"wires":[["b8b93d2b.8b57"]]},{"id":"b8b93d2b.8b57","type":"switch","z":"9d7cd8ae.f2fe48","name":"","property":"payload","propertyType":"msg","rules":[{"t":"eq","v":"running","vt":"str"}],"checkall":"true","repair":false,"outputs":1,"x":250,"y":100,"wires":[["24ebb2e2.2f6ffe"]]},{"id":"ac0fc7a.efcc038","type":"comment","z":"9d7cd8ae.f2fe48","name":"Run on HA start","info":"","x":120,"y":40,"wires":[]},{"id":"3a583032.2662b","type":"comment","z":"9d7cd8ae.f2fe48","name":"Set global config vars with secrets.yaml entries","info":"https://bonani.tech/make-a-node-red-flow-run-on-home-assistant-start/","x":520,"y":40,"wires":[]},{"id":"2cccdc63.dbb784","type":"inject","z":"9d7cd8ae.f2fe48","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":100,"y":180,"wires":[["24ebb2e2.2f6ffe"]]},{"id":"bde4b68e.528848","type":"server","name":"Home Assistant","addon":true,"rejectUnauthorizedCerts":true,"ha_boolean":"y|yes|true|on|home|open","connectionDelay":false,"cacheJson":true}]

jcm · July 30, 2021, 3:03pm

Thank you for this example. Works like a charm.
In any case, I totally agree with @flecmart that it feels like a workaround… Not sure about the safety implications.

Anyway, for other rookies like me, maybe this helps (took me a while )
This is how you call a global from a node:

Krzysztonek · February 22, 2023, 9:39pm

I’m getting the following error message when trying to run this flow:

Sian · March 29, 2023, 9:49pm

If you want it in your global context just add the following to your settings.js file

var fs = require("fs");
var yaml = require("js-yaml");

module.exports = {
  [...]

  functionGlobalContext: {
    secrets: yaml.load(fs.readFileSync('PATH_TO_HA/config/secrets.yaml'))
  }
}

I find it necessary to keep these applications insync and tied to the same settings. Just minor changes to an IP address or simple Token change can break things anywhere it’s being used. Forgetting where they’ve been used can break automations and at times you probably don’t realise.

krad23 · May 15, 2023, 3:13pm

How do you update it without restarting node-red?

Sian · May 16, 2023, 8:09am

You’ll have to create a flow that watches the file then when it’s changed then process the yaml and assign them… Personally I won’t bother going this route as secrets is rarely added to or updated and in the event it is, a restart of node red isn’t much an issue for my setup

Alternatively you could create a small js function that dynamically reads the file when requested and extract the key and value upon request. (I can only suggest that it’s possible but not offer further help on this as it’s a bit thorough)

krad23 · November 16, 2023, 8:44pm

Been using this ever since, but it stopped working for me recently saying file not found and blocking node-red from starting

Jpsy · November 22, 2023, 7:07pm

Until recently you could load the file with a read file node using the path /config/secrets.yaml. Since Node Red integration 16.0.0.0 you have to use /homeassistant/secrets.yaml.