Z-Wave JS: Any way to change from No Encryption/Security to S2 without Excluding and then Including?

I initially joined my HA Z-Wave devices (Zooz ZST10 USB) without forcing encryption. I had tried (I think), but it didn’t work. I now discovered that I hadn’t set an S2 Authentication Key, and now that I have, new devices can easily get added with encryption.

So, what do I do about the other 20 devices that are already included without security? If I exclude and include, what happens to all my Automations (plus Node-Red)? I’m concerned that I would break alot of things.


  • Robert

No, your only choice right now is to exclude and re-include. If you want to preserve node numbers, you can perform some shenanigans to force a node to go failed and replace it, but that’s still a lot of work. Even with that, HA does not currently handle failed node replacements as you might hope; it will delete the existing device and replace it with a new one instead of using the original device. So excluding/re-including might just be easier.

If you re-include a node, your automations will work as long as you rename the entities to whatever they were previously. If you are using any device IDs or reference node IDs in any way, you would have to update those since device/node IDs change. Just keep a record of all those IDs before re-including them.

Of course, you should verify first that the devices actually support S2, otherwise all that work is for nothing. All “recent” devices would, but “older” ones won’t. Out of 20 nodes, only 4 of mine do, most are a few years old.


I used to be an Insteon user with an ISY controller. When I moved, I decided to start from scratch and chose Z-Wave and ultimately Home Assistant. All my devices are new, mostly Zooz, but some Leviton, GE/Jasco, Ecolink (Garage door sensors) and Aeotec (Recessed Door Sensor).

I guess I’ll just exclude/re-include.

Thanks so much for the solution.