update_new_commits_sensor.sh when using api_password

[brianjking]

@Tommatheussen --

Thank you so much for your scripts, they're very helpful. However, I do have one issue that I'm hoping you might be able to help me with.

When I attempted to implement your update_new_commits_sensor.sh script in my installation I was unable to issue the POST via curl as I utilize api_password in my configuration.yaml file.

The only way I've found to circumvent this is to not include this update_new_commits_sensor.sh in my public GitHub repository as it would obviously expose my Home Assistant UI password to the public, eliminating the entire purpose of having a password.

What Works

curl -X POST -H "x-ha-access: $1" -H "Content-Type: application/json" https://my.domain.com/api/states/sensor.new_commits?api_password=MyPassword -d "{\"state\": \"$commits\"}"

Any ideas how I can maybe dynamically insert the ?api_password=MyPassword into the curl command via my secrets.yaml file?

Secondly, despite that I have this customize setting:

 sensor.new_commits:
      hidden: false

sensor.new_commits only appears after activating the script. Any tips?

Thanks again! My configuration can be found here.

Cheers!

[Tommatheussen]

Hello @brianjking,

That is indeed an issue I have also asked on the HA community pages. Apparently the secrets can't be used a parameters to a bash script, for some security reasons they mentioned, hopefully they will provide a way to do this seen.

In my setup I currently manually set the password (as you can see in the script, I use $1, which takes the first parameter from the call), after pulling new code (if the file changed). This is what my shell_command file looks like: bash /home/hass/.homeassistant/bin/update_new_commits_sensor.sh myHAPassword In the future I'm planning to do this automatically (by trying to read the secrets file and replacing some placeholder), sadly I didn't have time for this yet.

as for the hidding issue, I believe this might be caused because the sensor doesn't exist before actually assigning it a value. (Since the update script actually create the sensor when it's setting values). I've worked around this by actually using this code as a template sensor:

new_commits:
    value_template: >
      {{ states("sensor.new_commits") }}

You could give that a try and see if it helps ;)

I'm glad the scripts helped you :)

[brianjking]

@Tommatheussen

Thanks for the reply...

I'm not seeing your shell command file you mention:

bash /home/hass/.homeassistant/bin/update_new_commits_sensor.sh myHAPassword

Regardless, are you saying you've figured out a way to have your password pulled in from somewhere not in your public repository?

I tried adding your suggested template_sensor and now when I click the "ACTIVATE" button to check for new commits, git pull and restart Home Assistant instead of seeing the commits sensor show up for a few seconds like it was before now nothing shows regarding the number of new commits.

sensor 6:
  - platform: template
    sensors: 
      new_commits:
        value_template: >
          {{ states("sensor.new_commits") }}

Thanks!

[Tommatheussen]

The shell command is located here: https://github.com/Tommatheussen/Home-Assistant-Configuration/blob/master/shell_command/update_new_commits_sensor.yaml As you can see, I've appended #TODO feed password to the end of the command. After I pull the config I manually have to change that string to my password, this should only be done once since I don't change that script.

I haven't found a way to get the password from my secrets file yet, I read somewhere that using the computer's environment variables might work, but I've yet to try this.

As for the other issue with the template, it should work. I'll check my own setup, see if that still works (as I hide the sensor I might not have noticed it).

[brianjking]

@Tommatheussen It looks like you've made some changes to your sensor/git pull, I'm gonna try to take a look at it and see if I can get mine working again.

If you have a few minutes can you let me know what all has changed? looks like you're pulling the password from somewhere now.

Thanks!

[Tommatheussen]

Hi, nice to see somebody is still using some of my examples :) First of all: I'm currently in the process of building my house, so I'm not updating this repo often now (as I don't have much yet :P ) Secondly: It's been a while since I've actually used my git workflow myself

That being said: Right now I've created a dummy sensor (template), which is the value I use in my scripts to replace the password, in the past I've just put a placeholder which I've replaced myself afterwards. I read on the forum that another method could be used as well, which makes use of the data attribute of scripts (like so: https://community.home-assistant.io/t/using-secrets-yaml-with-shell-commands/4478/12), though I've yet to test this functionality.

I hope this helps a bit ;)

[roblandry]

You should check out my config. I implimented a way to pull the ha_password in a bash script. It is probably not the most efficient, but i hacked together a way to do it. HERE

Specifically lines 27-35. The last 4 lines just remove the double quotes.

[Tommatheussen]

Closing this as I'm cleaning up my config and I don't currently use this stuff anymore, it's been a while...