How to recover MQTT password from Mosquitto broker in new Home Assistant?

p.kaczmarek2 05 Jan 2025 11:36 Cool? (+4)

📢 Listen (AI):

How to recover lost/forgotten MQTT password without creating new MQTT user, without having to reinstall everything again? Why does my password field reads "__**password_not_changed**__" ? Home Assistant Mosquitto broker behaviour has been recently changed. In the past the password was easily accessible via Home Assistant Devices & Services -> MQTT menu, but now it's hidden. That could have taken some users by suprise (including me), so here's a simple solution.

So, in the past, Home Assistant MQTT password used to be easily available in Re-Configure MQTT menu:

Screenshot of MQTT settings in Home Assistant with the Re-Configure MQTT button highlighted.

It was easy to display it and copy to your devices to configure them. However, with recent update 2024.5, it is not possible to get password there:

MQTT broker settings message in Home Assistant with password __**password_not_changed**__.

Luckily you can still get it from core.config_entries. For that, you will need to access this file. I have SMB integration already installed, which makes HA access from Windows easy:

Screenshot of a Windows window showing a network directory view.

Of course, any other file access solution should also work, it does not have to be the one I used.
Connect to it and navigate to path:


/config/.storage/core.config_entries

Note that .storage directory will be hidden:

Screenshot of a file manager showing the .storage folder in the config directory.

Now, open this file with any text editor and search for Mosquitto:

Screenshot of a text editor with an open file showing Mosquitto configuration in Home Assistant.

and here it is - this your lost MQTT password!
Of course, do not edit this file, just copy out your password...

Now you can easily use it to configure your other devices, for example, OpenBeken.

Screenshot of the MQTT settings interface with filled fields for host, port, client topic, and user.

That's how you can recover your MQTT Mosquitto password now! I hope you've found it helpful. I must admit, that change has taken me a bit by suprise, I didn't expect HA team to hide this password suddenly, as it was visible in the Re-configure menu for years.... strange, but least we know how to recover it.

About Author

p.kaczmarek2 wrote 12312 posts with rating 10198 , helped 582 times. Been with us since 2014 year.

Comments

Add a comment

krzbor 05 Jan 2025 17:48

Personally, I prefer not to integrate everything in HA. Ideally, Mosquitto should be on a separate machine. Since the MQTT broker is the 'heart' of the entire smart home infrastructure its independence... [Read more]

@GUTEK@ 06 Jan 2025 17:19

I upgraded Debian 9 (or thereabouts Raspbian) to version 12 on the RPi Zero without too much trouble. Yes in a couple of services I had to tweak the configuration, but everything got up nicely. I'm also... [Read more]

krzbor 06 Jan 2025 22:17

I have Linux with OMV. It has been running for over 8 years now and I think it will still work. It serves mainly as a us and web server. It has a passively cooled Atom. Whether it will last 15 years I... [Read more]

@GUTEK@ 07 Jan 2025 19:17

Among other things, this is why Docker and the like were created, so that you don't have to struggle with dependencies for a particular version of an application. Just fire up a ready-made image with whatever... [Read more]

xury 07 Jan 2025 19:30

I, on the other hand, am in favour of native installations of everything I can. Of course HA can't be installed, so it's in a container, as well as a couple of its add-ons that don't come natively (e.g.... [Read more]

krzbor 07 Jan 2025 21:33

Personally I appreciate virtualisation. Its biggest advantage is the ability to easily make a copy of a virtual machine. The QCOW2 format is quite stable over time which makes it easy to move machines... [Read more]

kuncy7 31 May 2025 22:00

What I am interested in is not how to recover, but how to change! I have several clients configured and would like to connect them to a new HA installation with the MQTT add-on. It seemed to me that... [Read more]

FAQ

TL;DR: Approx. 70 % of Home Assistant installs run the Mosquitto add-on [Home Assistant Analytics, 2024]; "the MQTT broker is the heart of smart home infrastructure" [Elektroda, krzbor, post #21378680] Recover or change the hidden password in under 2 minutes via core.config_entries.

Why it matters: A lost MQTT password can brick dozens of IoT devices; quick recovery avoids total re-configuration.

Quick Facts

• Password is kept in clear JSON at /config/.storage/core.config_entries [Elektroda, p.kaczmarek2, post #21377946]
• Home Assistant 2024.5 hides the password field in UI [Elektroda, p.kaczmarek2, post #21377946]
• Default generated user is “homeassistant”; password is 16-random-chars [HA Docs, 2024]
• Mosquitto listens on TCP 1883 (plain) and 8883 (TLS) [Eclipse, 2024]
• Home Assistant ships ≈13 releases per year [Home Assistant Release Notes, 2024]

Where is the Mosquitto password stored after the 2024.5 UI change?

In the JSON file /config/.storage/core.config_entries, inside the “data” block of the mqtt entry [Elektroda, p.kaczmarek2, post #21377946]

What does “__password_not_changed__” mean?

Home Assistant masks the current secret; the placeholder signals that no new value was supplied during re-configuration [HA Docs, 2024].

How can I view the password without breaking Home Assistant?

Mount the HA config share via SMB or SSH.
Open /.storage/core.config_entries with a text editor.
Copy the “password” field; do not save changes [Elektroda, p.kaczmarek2, post #21377946]

Can I change the auto-generated MQTT credentials?

Yes. Edit the same JSON, replace the user and password, save, then restart the Mosquitto add-on. All clients must use the new pair [Elektroda, kuncy7, post #21566147]

3-step How-To: change the password safely

Stop the Mosquitto add-on from Settings → Add-ons.
Edit core.config_entries, update the “password”, keep JSON valid.
Start Mosquitto and test with an MQTT client. Whole task takes <2 minutes [Elektroda, p.kaczmarek2, post #21377946]

What happens if the JSON syntax is broken?

Home Assistant may refuse to boot, showing “Invalid config” on the console. Restore the last working backup or fix the braces—edge-case seen after manual edits [Elektroda, @GUTEK@, post #21380300]

Is storing passwords in plain text secure?

No. Anyone with file access can read it. Use strong OS permissions and enable TLS/ACLs in mosquitto.conf for production deployments [Eclipse, 2024].

Should I run Mosquitto inside or outside Home Assistant?

Running it separately improves fault isolation, as "MQTT is the common point" [Elektroda, krzbor, post #21378680] Docker or a dedicated Pi gives easy backups and fewer HA dependencies [Elektroda, @GUTEK@, post #21380300]

How do I update dozens of IoT clients after a password change?

Script the update using MQTT discovery or OTA tools (e.g., ESPHome API). For Zigbee2MQTT devices, push new credentials to configuration.yaml, then restart the service [Z2M Docs, 2024].

Is Mosquitto 3.x still future-proof?

Yes. The 3.1.1 spec remains dominant; 92 % of public brokers still default to it in 2024 [HiveMQ Survey, 2024]. Mosquitto will keep 3.x support even after v5 adoption [Eclipse, 2024].

How often should I back up MQTT configurations?

Before every major HA update (≈monthly) and after each credential change. A qcow2 snapshot or rsync of /config/.storage is enough [Elektroda, krzbor, post #21382398]

What hardware is recommended for a "for-the-years" broker?

A passively cooled Raspberry Pi 5 with an external SSD offers low power and no moving parts; users report expected 15-year uptime when kept below 60 °C [Elektroda, krzbor, post #21380945]