jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-11-12 04:20:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1477f40b9ee604e8f9c7f57a64c93f361918b51a
home-assistant.io/source/_docs/configuration/secrets.markdown
c0ffeeca7 fc14b5d413 Secrets remove core specific steps (#39188)
2025-05-26 12:35:55 +02:00

63 lines
2.5 KiB
Markdown
Raw Blame History

---
title: "Storing secrets"
description: "Storing secrets outside of your configuration.yaml."
related:
- docs: /docs/configuration/
title: configuration.yaml file
- docs: /docs/configuration/splitting_configuration/
title: Splitting the configuration
- docs: /docs/configuration/securing/
title: Securing your instance
---
The {% term "`configuration.yaml`" %} file is a plain-text file, thus it is readable by anyone who has access to the file. The file contains passwords and API tokens which need to be redacted if you want to share your configuration.
By using `!secret` you can remove any private information from your configuration files. This separation can also help you to keep easier track of your passwords and API keys, as they are all stored at one place and no longer spread across the {% term "`configuration.yaml`" %} file or even multiple {% term YAML %} files if you [split up your configuration](/docs/configuration/splitting_configuration/).
## Using `secrets.yaml`
The workflow for moving private information to `secrets.yaml` is very similar to the [splitting of the configuration](/docs/configuration/splitting_configuration/). Create a `secrets.yaml` file in your Home Assistant [configuration directory](/docs/configuration/).
The entries for password and API keys in the {% term "`configuration.yaml`" %} file usually looks like the example below.
```yaml
rest:
- authentication: basic
username: "admin"
password: "YOUR_PASSWORD"
...
```
Those entries need to be replaced with `!secret` and an identifier.
```yaml
rest:
- authentication: basic
username: "admin"
password: !secret rest_password
...
```
The `secrets.yaml` file contains the corresponding password assigned to the identifier.
```yaml
rest_password: "YOUR_PASSWORD"
```
## Debugging secrets
When you start splitting your configuration into multiple files, you might end up with configuration in sub folders. Secrets will be resolved in this order:
- A `secrets.yaml` located in the same folder as the {% term YAML %} file referencing the secret,
- next, parent folders will be searched for a `secrets.yaml` file with the secret, stopping at the folder with the main {% term "`configuration.yaml`" %}.
To see where secrets are being loaded from, you can add an option to your `secrets.yaml` file.
Print where secrets are retrieved from to the Home Assistant log by adding the following to `secrets.yaml`:
```yaml
logger: debug
```
This will not print the actual secret's value to the log.
Reference in New Issue View Git Blame Copy Permalink