Only replace secrets.yaml if passwords are found in Bitwarden

[ElVit]

Hi,
I tried your Addon Bitwarden secrets for Home Assistant and I like it a lot.
But last time I restarted my Intel Nuc something went wrong and Home Assistant started in safe mode because the secrets.yaml was empty. Maybe it’s because Bitwarden started to late and your addon could not get the passwords. After I restarted just Home Assistant all worked fine.

Is there a possibility to check if Bitwarden is completely loaded before your addon gets the secrets?

Or maybe only rewrite the secrets.yaml file if there is really a password found in Bitwarden?

[alex3305]

Hi, thanks for the feedback and creating the issue. As a matter of fact, I recently migrated to a larger SSD and encountered the same issue!

Is there a possibility to check if Bitwarden is completely loaded before your addon gets the secrets?

Perhaps that would be possible with the Home Assistant hassio_api that is exposed to the application. I will have to look into that to be certain.

Or maybe only rewrite the secrets.yaml file if there is really a password found in Bitwarden?

This functionality is currently implemented in version 1.3.0 (efb28ce) in an effort to mitigate the issue you are describing. So I really like to know if you were using this version of the add-on when this issue occurred?

[ElVit]

Hi Alex,
Yes I am using the newest version 1.3.0 of your addon.
I have just tested it and it looks like the addon is still replacing the secrets.yaml even if there are no passwords found in Bitwarden.
I tried to changed the username, password and organization. In all cases I get an empty secrets.yaml.

In my logs I see also the following lines:

[14:14:23] INFO: Start retrieving your Home Assistant secrets from Bitwarden
Could not find dir, "/root/.config/Bitwarden CLI"; creating it instead.
Could not find data file, "/root/.config/Bitwarden CLI/data.json"; creating it instead.
[14:14:28] INFO: Bitwarden login succesful!
[14:14:47] INFO: Changed from Bitwarden detected, replacing secrets.yaml...
[14:14:49] INFO: Secret files created.

Maybe that's the issue?

[alex3305]

Don't worry. I haven't forgot about this issue. Things were rather busy for me, sorry for not responding.

Maybe that's the issue?

The issue is that my script doesn't check whether or not secrets.yaml is filled or not. That's still on my TODO list though. When this is implemented, this issue should be mitigated.

Perhaps unrelated to this issue, but you can enable log_level: debug to get a bit more information about what the add-on is doing.

[ElVit]

No problem. I will wait.
My workaround for now is to disable the "start on boot" option and start the addon manually.

[alex3305]

@ElVit The PR automatically closed this issue. But I would really like it if you can test it and report back. I think the aforementioned PR solves this issue btw. If it doesn't I will of course re-open this issue.

Basically I've added a check to test whether or not Bitwarden returns at least a single secret. Also I've changed the boot order so that this add-on will start after Home Assistant. That would probably also help a bit.

[ElVit]

@alex3305
Thank you for the new update.
Now it's working correct 🤩.

There are only two things which I found that may be improved:

• The logs showing [22:43:57] INFO: Bitwarden login succesful! even if there is an error in the config.
• The option secret_file isn't working for me. If I write secret_file: secrets-test.yaml the addon is still writing inside secrets.yaml.