Frontend: Automation editor exposing !secret values

Created on 16 Jan 2019  ·  12 Comments  ·  Source: home-assistant/frontend

Home Assistant release (hass --version):
0.85.0

Component/platform:
Automation Editor

Description of problem:
When editing a file that includes a secret it replaces the !secret value with the actual value.

Expected:
It should leave the line as !secret value


All 12 comments

Same as #11617 which was auto-resolved

If you try using !secret in a new automation it won't save unless you put quotes around '!secret keytosecretcode'. However this means that the automation uses the literal string '!secret keytosecretcode' and doesn't substitute.

If you change the automation in the yaml and remove the quotes, the automation editor replaces the !secret keytosecretcode with the actual value e.g.
{
"code": mysecretcode
}

Confirmed that this still is the case on 0.88.2.

Everything seems to work as intended when editing the automation config manually. Loading the config in the editor pre-populates with the secret, and saving saves the secret directly.

Confirmed that this is still the case on 0.100.0.dev0. (A.k.a., I independently re-discovered this bug. ;-) )

No need to add comments confirming it still exists.

Confirming issue still exists with 0.101.3. Is this being looked into? I'm debating if I should wait before I continue migrating my other automations.

🤦‍♂️

Automation editor is only visible to admins now. Considering this closed.

I think that this solution isn't that great. Current behaviour will copy values from secrets.yaml to automations.yaml once you hit save in the editor. This means these values are getting duplicated on first save only. If you would like to change it in the future you have to search for that value in both files and you have to change them twice.

Better would be to keep the placeholder in automations.yaml and not the resolved secrets value. So you can be sure that the secret is secretly stored once and will be accessed by reference.

I agree with bastiononken, just because automations are admin only doesn't mean there is no problem.
When changing the secrets file all automations using the secret need to be changed as well.
Also there's the issue that it is not possible to add !secret somesecret through the UI; it has to be done by editing the automations file.

So it seems like there's no intention to correct this behaviour - which is unfortunate. I agree with bastianonken as this defeats the point of a master secrets file (and in my opinion still a higher security risk just having multiple versions of "secrets" floating around even if it is behind an admin login).

I might move everything back to my old Automations.yaml file and forgo the web editor. At least the devs left that as an option. Please don't take that away if there are no plans to fix this in the web editor. Just so others who come browsing here know, you can still use the yaml method and everything works fine... for now.

!secrets is a yaml function, and will stay for yaml users. The frontend can't deal with it right now and it would require a lot of work to add support for it.

A possibility to keep using the frontend to edit your automations without !secrets is using this:

# Configuration.yaml example

# for the frontend
automation: !include automations.yaml
# for your automations with secrets
automation secret: !include secret_automations.yaml
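
Added example (not part of the thread and not Home Assistant code): a line-based check for the behaviour reported above, where saving in the editor copies resolved values from secrets.yaml into automations.yaml. It assumes a flat `key: value` secrets.yaml and simple scalar lines; all function names and the sample files are constructed for illustration.

```python
import re

# Matches a simple "key: scalar" mapping line, optionally a "- " list item.
SCALAR = re.compile(r'^(\s*(?:-\s+)?[\w ]+:\s*)(.+?)\s*$')

def unquote(value):
    """Strip one pair of matching quotes from a YAML scalar."""
    quoted = len(value) >= 2 and value[0] == value[-1] and value[0] in "'\""
    return value[1:-1] if quoted else value

def parse_secrets(text):
    """Parse the flat key: value layout of secrets.yaml (assumed, no nesting)."""
    secrets = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            secrets[key.strip()] = unquote(value.strip())
    return secrets

def find_inlined_secrets(automations_text, secrets):
    """Return (line_number, secret_key) for every scalar equal to a secret."""
    by_value = {v: k for k, v in secrets.items() if v}
    hits = []
    for number, line in enumerate(automations_text.splitlines(), start=1):
        match = SCALAR.match(line)
        if match and not match.group(2).startswith("!secret"):
            key = by_value.get(unquote(match.group(2)))
            if key:
                hits.append((number, key))
    return hits

def restore_references(automations_text, secrets):
    """Rewrite inlined values back to '!secret <key>' references."""
    lines = automations_text.splitlines()
    for number, key in find_inlined_secrets(automations_text, secrets):
        prefix = SCALAR.match(lines[number - 1]).group(1)
        lines[number - 1] = f"{prefix}!secret {key}"
    return "\n".join(lines) + "\n"

# Constructed sample files (not from the thread).
SECRETS = "# secrets.yaml\nalarm_code: '4821'\nwebhook_token: s3cr3t-t0ken\n"
AUTOMATIONS = """\
- alias: Disarm on arrival
  action:
  - service: alarm_control_panel.alarm_disarm
    data:
      code: '4821'
      token: !secret webhook_token
"""
```

The match is on whole scalar values, so a short secret that equals an ordinary value (for example a numeric code that is also a brightness level) is still flagged; review hits before rewriting the file.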