Redacts Home Assistant secrets for public repositories.
I'm sharing my configuration publicly and I want to include my commands but not actual secrets like tokens. It's a pain to have to redact secrets manually.
The secrets_template.yaml is read and writes two files:
secrets.yamlfile read by hasssecrets_redacted.yamlfile pushed to your repository
You also have to edit the paths in main.py
TEMPLATE = "/Users/matte/mount/hass-config/secrets_template.yaml"
write_redacted("/Users/matte/mount/hass-config/secrets_redacted.yaml")
write_secrets("/Users/matte/mount/hass-config/secrets.yaml")Note: If the secret starts with brackets you have to wrap it in quotes.
token: "[[[Gffk52sd5]]]"
command: my cool command but hide my [[[password]]]
remote: ssh [[[matt@142.250.181.238]]] reboottoken: REDACTED
command: my cool command but hide my REDACTED
remote: ssh REDACTED reboottoken: Gffk52sd5
command: my cool command but hide my password
remote: ssh matt@142.250.181.238 rebootsecrets.yaml
secrets_template.yaml
Edit ~/.zshrc and add the function
makes() {
python3 "/Users/matte/GitHub/redact-secrets/main.py"
}Now you can type makes into terminal to quickly generate the files.
Please double-check secrets_redacted.yaml before you push it so you don't leak any sensitive information.