How to recover MQTT password from Mosquitto broker in new Home Assistant?

p.kaczmarek2 05 Jan 2025 11:36 7 7884 Cool? (+4)

📢 Listen (AI):

TL;DR

Home Assistant Mosquitto MQTT password recovery after the 2024.5 update hides the secret from the MQTT reconfigure menu.
Open `/config/.storage/core.config_entries` through SMB or another file-access method, then search for Mosquitto to recover the saved password.
The password field now shows `__**password_not_changed**__` instead of the visible secret in Devices & Services → MQTT.
Copy the password out without editing `core.config_entries`, then use it to configure other devices such as OpenBeken.

Generated by the language model.

How to recover lost/forgotten MQTT password without creating new MQTT user, without having to reinstall everything again? Why does my password field reads "__**password_not_changed**__" ? Home Assistant Mosquitto broker behaviour has been recently changed. In the past the password was easily accessible via Home Assistant Devices & Services -> MQTT menu, but now it's hidden. That could have taken some users by suprise (including me), so here's a simple solution.

So, in the past, Home Assistant MQTT password used to be easily available in Re-Configure MQTT menu:

Screenshot of MQTT settings in Home Assistant with the Re-Configure MQTT button highlighted.

It was easy to display it and copy to your devices to configure them. However, with recent update 2024.5, it is not possible to get password there:

MQTT broker settings message in Home Assistant with password __**password_not_changed**__.

Luckily you can still get it from core.config_entries. For that, you will need to access this file. I have SMB integration already installed, which makes HA access from Windows easy:

Screenshot of a Windows window showing a network directory view.

Of course, any other file access solution should also work, it does not have to be the one I used.
Connect to it and navigate to path:


/config/.storage/core.config_entries

Note that .storage directory will be hidden:

Screenshot of a file manager showing the .storage folder in the config directory.

Now, open this file with any text editor and search for Mosquitto:

Screenshot of a text editor with an open file showing Mosquitto configuration in Home Assistant.

and here it is - this your lost MQTT password!
Of course, do not edit this file, just copy out your password...

Now you can easily use it to configure your other devices, for example, OpenBeken.

Screenshot of the MQTT settings interface with filled fields for host, port, client topic, and user.

That's how you can recover your MQTT Mosquitto password now! I hope you've found it helpful. I must admit, that change has taken me a bit by suprise, I didn't expect HA team to hide this password suddenly, as it was visible in the Re-configure menu for years.... strange, but least we know how to recover it.

About Author

p.kaczmarek2 wrote 14465 posts with rating 12478 , helped 650 times. Been with us since 2014 year.

Comments

Add a comment

krzbor 05 Jan 2025 17:48

Personally, I prefer not to integrate everything in HA. Ideally, Mosquitto should be on a separate machine. Since the MQTT broker is the 'heart' of the entire smart home infrastructure its independence... [Read more]

@GUTEK@ 06 Jan 2025 17:19

I upgraded Debian 9 (or thereabouts Raspbian) to version 12 on the RPi Zero without too much trouble. Yes in a couple of services I had to tweak the configuration, but everything got up nicely. I'm also... [Read more]

krzbor 06 Jan 2025 22:17

I have Linux with OMV. It has been running for over 8 years now and I think it will still work. It serves mainly as a us and web server. It has a passively cooled Atom. Whether it will last 15 years I... [Read more]

@GUTEK@ 07 Jan 2025 19:17

Among other things, this is why Docker and the like were created, so that you don't have to struggle with dependencies for a particular version of an application. Just fire up a ready-made image with whatever... [Read more]

xury 07 Jan 2025 19:30

I, on the other hand, am in favour of native installations of everything I can. Of course HA can't be installed, so it's in a container, as well as a couple of its add-ons that don't come natively (e.g.... [Read more]

krzbor 07 Jan 2025 21:33

Personally I appreciate virtualisation. Its biggest advantage is the ability to easily make a copy of a virtual machine. The QCOW2 format is quite stable over time which makes it easy to move machines... [Read more]

kuncy7 31 May 2025 22:00

What I am interested in is not how to recover, but how to change! I have several clients configured and would like to connect them to a new HA installation with the MQTT add-on. It seemed to me that... [Read more]

FAQ

TL;DR: For Home Assistant users who lost MQTT access after the 2024.5 change, the fix is simple: open 1 hidden file and copy the stored Mosquitto password. As one poster put it, "here's a simple solution": read /config/.storage/core.config_entries instead of the reconfigure screen. [#21377946]

Why it matters: Newer Home Assistant versions hide the visible MQTT password, so users can get locked out of existing MQTT devices unless they know where the credential is still stored.

Option	Main benefit	Main drawback	Best fit
HA add-ons	Easy central management	Tighter coupling to HA updates	Small, simple setups
Separate Docker containers	Easy config-folder backups	More services to manage	Modular long-term setups
Full virtual machines on Proxmox	Simple rollback and migration	More overhead and complexity	Remote support and long-lived systems

Key insight: The thread’s main takeaway is to decouple critical services. Keep MQTT, Zigbee2MQTT, and automation portable, because credentials, updates, and recovery are easier when one UI change cannot block the whole system.

Quick Facts

Home Assistant 2024.5 changed the MQTT reconfigure view so the real password no longer appears there and may show password_not_changed instead. [#21377946]
The password discussed in the thread is still stored in /config/.storage/core.config_entries, and .storage is a hidden directory. [#21377946]
One long-term setup in the thread uses Raspberry Pi 5 with 8GB RAM, a USB3 SSD, Proxmox, one VM for Home Assistant, and a second Linux VM for Zigbee2MQTT. [#21378680]
A separate always-on Linux/OMV server mentioned in the thread has already run for over 8 years, while another industrial control panel example has run for 25 years. [#21380945]
MQTT is described as a simple protocol, and one poster notes that "everyone uses the old 3.x version" in practice. [#21378680]

How can I recover a lost MQTT password from the Mosquitto broker in newer Home Assistant versions?

You can recover it by reading Home Assistant’s stored config file instead of the MQTT reconfigure screen. 1. Access the Home Assistant file system. 2. Open /config/.storage/core.config_entries. 3. Search for Mosquitto and copy the saved password without editing the file. This works because the credential still exists in storage even after the UI change introduced around Home Assistant 2024.5. [#21377946]

Why does the MQTT password field in Home Assistant show "password_not_changed" instead of the real password?

It shows password_not_changed because newer Home Assistant versions no longer expose the real Mosquitto password in the reconfigure form. The thread identifies this as a recent behavior change and contrasts it with older versions where the password was visible and easy to copy. The practical effect is that the UI stops being a recovery point, even though the real credential remains stored internally. [#21377946]

Where in Home Assistant can I find the Mosquitto MQTT password now that it is hidden in the reconfigure menu?

You now find it in Home Assistant’s internal storage, not in Devices & Services → MQTT. Open the core.config_entries file under /config/.storage/, then search for the Mosquitto entry. The thread states this is the current workaround after the password stopped appearing in the reconfigure menu in Home Assistant 2024.5. [#21377946]

What is the exact path to the Home Assistant file that stores MQTT credentials, and how do I open it safely?

The exact path is /config/.storage/core.config_entries. Open that file with a text editor, search for Mosquitto, and copy the password only. Do not modify the file, because the poster explicitly warns to use it as read-only for recovery. That caution matters because core.config_entries is part of Home Assistant’s internal configuration store. [#21377946]

How do I access the hidden .storage directory in Home Assistant to read core.config_entries?

Access Home Assistant’s file system with a share or file-access method, then enable viewing hidden folders so .storage becomes visible. The thread author used SMB integration from Windows, but also notes that any other file access solution should work. The key detail is that .storage is hidden, so you must reveal hidden directories before opening core.config_entries. [#21377946]

What precautions should I take before viewing Home Assistant's core.config_entries file to copy an MQTT password?

Treat the file as read-only and copy the password without changing anything. The thread gives one clear warning: do not edit core.config_entries. A safe workflow is to open it in a plain text editor, search for Mosquitto, copy the credential, and close the file. The main failure case is accidental edits to an internal Home Assistant storage file. [#21377946]

How do I use the recovered Home Assistant Mosquitto password to configure devices like OpenBeken?

Use the recovered password as the MQTT credential on each client device that connects to the Home Assistant Mosquitto broker. The thread gives OpenBeken as a concrete example and shows the recovered password being copied into device configuration. This avoids creating a new MQTT user and avoids reinstalling the Home Assistant MQTT setup just to reconnect existing clients. [#21377946]

What is Proxmox, and why would someone run Home Assistant and Zigbee2MQTT on it instead of directly on Raspberry Pi OS?

"Proxmox is a virtualization platform that runs separate virtual machines, isolating services and simplifying rollback." In the thread, one user runs it on a Raspberry Pi 5 with 8GB RAM and a USB3 SSD, then keeps Home Assistant in one VM and Zigbee2MQTT in another. The stated reason is resilience: monthly HA updates become safer when you can stop a VM, copy its image, and restore it if something breaks. [#21378680]

What is the QCOW2 format, and how does it help with backups and migration of Home Assistant virtual machines?

"QCOW2 is a virtual disk format that stores a VM image in a portable file, easing copying, rollback, and migration." The thread praises QCOW2 because its format is considered stable over time and easy to move between machines. That makes Home Assistant recovery faster: if a boot fails, you can restore a previous working VM image instead of repairing a damaged live system. [#21382398]

Home Assistant add-ons vs separate Docker containers vs full virtual machines — which setup is better for a smart home meant to last for years?

Separate containers or full VMs are presented as better long-term choices than keeping everything inside Home Assistant add-ons. One poster prefers separate Docker services because backups are just copies of each service’s config folder. Another prefers full virtualization for easy image rollback and remote recovery. The thread’s shared pattern is decoupling: keep MQTT, Zigbee2MQTT, and HA separable so one update does not threaten the whole stack. [#21382130]

What is Zigbee2MQTT, and why do some users prefer to keep it separate from Home Assistant?

"Zigbee2MQTT is a bridge service that connects Zigbee devices to an MQTT broker, keeping radio-device control independent from Home Assistant." In the thread, users separate it because new hardware may force updates, while MQTT and automation can remain more stable. One example setup runs Zigbee2MQTT in its own Linux VM so it can be updated or rebuilt without disturbing Home Assistant. [#21378680]

How should I design a smart home system with Mosquitto, Home Assistant, and Zigbee2MQTT for long-term reliability over 10 to 20 years?

Design it as three separate layers: MQTT broker, device bridge, and automation. The thread recommends Mosquitto as the common point, devices and Zigbee2MQTT communicating through it, and Home Assistant acting as only one automation layer. A concrete example targets 15–20 years by isolating MQTT, placing HA and Zigbee2MQTT on separate VMs, and keeping restores simple when updates fail. [#21378680]

What backup strategy works best for Home Assistant, Mosquitto, and Zigbee2MQTT on Raspberry Pi 5 with SSD storage?

The strongest strategy in the thread is image-level backup plus offline copy. One user stops the VM before major updates, copies the image, and restores it if the new version fails. On a Raspberry Pi 5 with an 8GB model and USB3 SSD, that same user also unplugged the USB drive and cloned it to a classic HDD. That gives both fast recovery and a second physical copy. [#21378680]

How do I change the auto-generated MQTT username and password in a new Home Assistant Mosquitto add-on installation so existing clients can keep their old credentials?

The thread does not provide a confirmed method to change the auto-generated Home Assistant Mosquitto credentials. The only direct statement is a later question from a user who wanted to reuse old Domoticz-era credentials across several dozen clients and could not solve it in the new HA MQTT add-on flow. So this thread answers recovery, not verified credential replacement. [#21566147]

What hardware and software choices make the most sense for a durable Home Assistant setup: Raspberry Pi 5 with passive cooling, Docker, native installs, or virtualization?

The thread supports two durable patterns: lightweight native or containerized services, and full virtualization when backup speed matters most. One poster favors Raspberry Pi 5, passive cooling, Samsung T7, Proxmox, and separate VMs. Others prefer Docker or native installs to save RAM and CPU. The clearest rule is practical: choose the simplest stack you can restore quickly after failure, especially over 10–25 years. [#21380945]

Generated by the language model.