Allow variable substitution in `!secret` key references #3515

schildbach · 2026-02-04T11:09:30Z

schildbach
Feb 4, 2026

Allow setting an API encryption key per device like this:

api:
  encryption:
    key: !secret ${node_name}_api_key

Currently, this yields:

ERROR Error while reading config: Invalid YAML syntax:

Secret '${node_name}_api_key' not defined

I assume it doesn't even try to substitude the variable (which works at many other places).

My feature request is to make this possible.

The alternative for me would be to:

either use a single API key across my dozens of devices (not recommended from a security perspective), or
duplicate the entire api: section over dozens of configuration files, just to be able to customize the key reference per device

see above

No response