logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

How to recover MQTT password from Mosquitto broker in new Home Assistant?

p.kaczmarek2 7788 7

TL;DR

  • Home Assistant Mosquitto MQTT password recovery after the 2024.5 update hides the secret from the MQTT reconfigure menu.
  • Open `/config/.storage/core.config_entries` through SMB or another file-access method, then search for Mosquitto to recover the saved password.
  • The password field now shows `__**password_not_changed**__` instead of the visible secret in Devices & Services → MQTT.
  • Copy the password out without editing `core.config_entries`, then use it to configure other devices such as OpenBeken.
Generated by the language model.
ADVERTISEMENT
Report a violation of the law
Reply Cool? Ranking DIY | New topic
Notify about new articles
📢 Listen (AI):
  • MQTT broker options window with the password field showing __**password_not_changed**__.
    How to recover lost/forgotten MQTT password without creating new MQTT user, without having to reinstall everything again? Why does my password field reads "__**password_not_changed**__" ? Home Assistant Mosquitto broker behaviour has been recently changed. In the past the password was easily accessible via Home Assistant Devices & Services -> MQTT menu, but now it's hidden. That could have taken some users by suprise (including me), so here's a simple solution.

    So, in the past, Home Assistant MQTT password used to be easily available in Re-Configure MQTT menu:
    Screenshot of MQTT settings in Home Assistant with the Re-Configure MQTT button highlighted.
    It was easy to display it and copy to your devices to configure them. However, with recent update 2024.5, it is not possible to get password there:
    MQTT broker settings message in Home Assistant with password __**password_not_changed**__.
    Luckily you can still get it from core.config_entries. For that, you will need to access this file. I have SMB integration already installed, which makes HA access from Windows easy:
    Screenshot of a Windows window showing a network directory view.
    Of course, any other file access solution should also work, it does not have to be the one I used.
    Connect to it and navigate to path:
    Code: text Expand Select all Copy to clipboard
    
/config/.storage/core.config_entries

    Note that .storage directory will be hidden:
    Screenshot of a file manager showing the .storage folder in the config directory.
    Now, open this file with any text editor and search for Mosquitto:
    Screenshot of a text editor with an open file showing Mosquitto configuration in Home Assistant.
    and here it is - this your lost MQTT password!
    Of course, do not edit this file, just copy out your password...

    Now you can easily use it to configure your other devices, for example, OpenBeken.

    Screenshot of the MQTT settings interface with filled fields for host, port, client topic, and user.

    That's how you can recover your MQTT Mosquitto password now! I hope you've found it helpful. I must admit, that change has taken me a bit by suprise, I didn't expect HA team to hide this password suddenly, as it was visible in the Re-configure menu for years.... strange, but least we know how to recover it.

    Cool? Ranking DIY
    Helpful post? Buy me a coffee.
    About Author
    p.kaczmarek2
    Moderator Smart Home
    Offline 
    p.kaczmarek2 wrote 14406 posts with rating 12340, helped 650 times. Been with us since 2014 year.
  • ADVERTISEMENT
  • #2 21378680
    krzbor
    Level 29  
    Posts: 1731
    Help: 40
    Rate: 1044
    Personally, I prefer not to integrate everything in HA. Ideally, Mosquitto should be on a separate machine. Since the MQTT broker is the 'heart' of the entire smart home infrastructure its independence from the other components should be ensured. Thus, we have:
    - MQTT broker - our common point,
    - devices communicating over MQTT, including via Zigbee2MQTT,
    - automation using MQTT (e.g. HA, but I also created such automation in PHP).
    I had a Pi3 a few years old with an old operating system. After a couple of years I found the system severely lagged and had problems with the newer version of Zigbee2MQTT. Recommendations to update the OS - install it from scratch :( .
    I tried some tricks with switching between versions, but the Pi didn't get up again. How do you do automation here that is supposed to work for the next 15-20 years?
    I tried another way - I bought a Pi5 with 8GB RAM and a USB3 SSD to go with it, and managed to install Proxmox on that. I installed Apache+PHP on the mother machine - rather for my own use. Anyway, PHP 5.6 still works well, and it's over 10 years old. There is also Mosquitto on this machine. MQTT is basically a very primitive and simple format. I hope it lasts a long time. Everyone uses the old 3.x version of the format anyway. Now two virtuals - on one HA. This system has updates every month. Before major updates I just stop the VM, make a copy of the image and boot. If something stops working just restore the image. On the other Linux VM I have Zigbee2MQTT. Unfortunately this has to be updated to get new hardware working. And Zigbee2MQTT is written in Node.js. That's why it landed on the virtual machine.
    When everything worked I unplugged the USB drive and made a copy of it to a hard drive (this time to a classic platter HDD). This is exactly why I chose USB3 rather than PCIe.

    There is no problem if we do the automation for ourselves and we know it. We can then swap out both hardware and software components - it's even such an enjoyable hobby. However, what about when we do it for others? I'm not talking about commercial implementation, but for family or friends, for example? The whole thing simply has to work reliably for a long time.
    Is 15-20 years a long time? It certainly is, but I have a control panel that has been running for 25 years and is doing well. Will a Pi5 with a decent passive heatsink do the job? I think so - the software problem remains.
    I'm curious to hear your opinions - how do you make a smart home system "for the years"?
  • ADVERTISEMENT
  • #3 21380300
    @GUTEK@
    Level 31  
    Posts: 1560
    Help: 163
    Rate: 367
    I upgraded Debian 9 (or thereabouts Raspbian) to version 12 on the RPi Zero without too much trouble. Yes in a couple of services I had to tweak the configuration, but everything got up nicely.
    I'm also in favour of splitting services as much as possible, maybe not necessarily on physically different devices, but not keeping everything as an add-on to HA. I happen to be using Docker, so in case of an update, all I need to do is make a copy of the folder with the configuration of the service in question.

    And as for the longevity, I doubt that such an RPi or even a modern non-industrial PC will run you trouble-free for those 15-25 years. Not to mention software support and heaviness. The current Raspbian is basically already too heavy for the first Rpi or thereabouts Rpi Zero, it works, but it muddles.

    In my opinion if you want a system for years only some closed industrial smart home for which someone provides technical support, and even here I doubt any manufacturer would want to support it for so many years. I can see it from the industrial in the robot, if after 10 years the manufacturer provides parts for the machines and some kind of service it is a miracle.
    So my opinion is that you either buy some ready-made system and probably pay a subscription for it, and the manufacturer supports it on an ongoing basis and possibly replaces the obsolete equipment (if such a system exists at all? I don't know because I wasn't interested in this topic) or you carve out such an HA and subordinate services yourself from time to time.
  • #4 21380945
    krzbor
    Level 29  
    Posts: 1731
    Help: 40
    Rate: 1044
    I have Linux with OMV. It has been running for over 8 years now and I think it will still work. It serves mainly as a us and web server. It has a passively cooled Atom. Whether it will last 15 years I don't know, but it will certainly be difficult to install anything new on it - unfortunately that's Linux. Programs I compiled on Windows over 20 years ago on Win 2000 still run on Win 11.
    I decided to go for full virtualisation (rather than containers) because I hope to be able to run a brand new system as a VM years later despite the obsolescence of Proxmox. Additionally, I've read that HA as a container is not the best solution (it's all about add-ons).
    As for durability, I chose the Pi with the hope that it would provide this durability - after all, it is manufactured in Wales, not China.
    Manufacturers' own solutions, is a tempting prospect, but it is an expensive solution and much limited compared to ZigBee or WiFi solutions where we have literally thousands of devices and chips.
    I'd love to read further comments on how to make a smart home 'for the years' My choice:
    Hardware:
    - RPi 5 8GB with passive cooling,
    - SAMSUNG USB drive (T7).
    Software:
    - "mother" is PiOS (unfortunately it is getting old),
    - MQTT - Mosquitto - software should last a long time even without updates,
    - Proxmox for virtualisation (QEMU in general),
    - a virtual machine with Zigbee2MQTT - you can put it up again if you need to, and as a last resort you can put up a second machine with Zigbee2MQTT (or something alternative if it is created) with its own coordinator working on a different channel,
    - HA virtual machine.
  • ADVERTISEMENT
  • #5 21382130
    @GUTEK@
    Level 31  
    Posts: 1560
    Help: 163
    Rate: 367
    Among other things, this is why Docker and the like were created, so that you don't have to struggle with dependencies for a particular version of an application. Just fire up a ready-made image with whatever libraries it needs.
    The Windows perpetual compatibility crap is also a bad thing, as the system is now a patch on a patch of old libraries.
    Those add-ons you write about in HA are simply services running in Docker, only managed then from within HA. And I just have them running separately and that's it. On the other hand, HA sits nicely in a container, it has its own directory with the database and configuration. There is a separate container for MQTT and Z2M and that is the difference.
  • ADVERTISEMENT
  • #6 21382158
    xury
    Automation specialist
    Posts: 7071
    Help: 876
    Rate: 1486
    I, on the other hand, am in favour of native installations of everything I can. Of course HA can't be installed, so it's in a container, as well as a couple of its add-ons that don't come natively (e.g. Frigate, ESP Home). The rest is only natively, so I still have a lot of free RAM and CPU despite quite a number of services. I don't understand virtualisation on Dell Wyse toys, especially just to install HA only on Proxmox.
  • #7 21382398
    krzbor
    Level 29  
    Posts: 1731
    Help: 40
    Rate: 1044
    xury wrote:
    I don't understand virtualisation on Dell Wyse type toys, especially just to install HA only on Proxmox.
    Personally I appreciate virtualisation. Its biggest advantage is the ability to easily make a copy of a virtual machine. The QCOW2 format is quite stable over time which makes it easy to move machines around. The ability to remotely help someone (or yourself if the machine is operated remotely) is also an advantage. Normally it would be: "it doesn't start". If you can connect to a monitor then maybe we can at least get a picture of the failed boot screen. With virtualisation we can see everything ourselves and, if necessary, restore the previous working version.
  • #8 21566147
    kuncy7
    Level 9  
    Posts: 33
    Help: 1
    Rate: 2
    What I am interested in is not how to recover, but how to change!
    I have several clients configured and would like to connect them to a new HA installation with the MQTT add-on.
    It seemed to me that it would be simpler to change the login and password on the new HA installation than to change the login and password on several(dozen) clients.
    Unfortunately I have fallen down on this problem.
    Is it possible to change this generated password and user (I still have from domoticz)?
Reply Cool? Ranking DIY | New topic
Notify about new articles
📢 Listen (AI):
Report a violation of the law

Topic summary

✨ The discussion addresses the issue of recovering or changing the MQTT password in the Mosquitto broker integrated with Home Assistant (HA) following recent updates, particularly version 2024.5, which now hides the password field displaying "__password_not_changed__". Previously, the MQTT password was accessible via the Home Assistant Devices & Services MQTT menu, allowing easy retrieval for device configuration. The new behavior requires accessing the password through the core.config_entries configuration files instead. Users also discuss best practices for MQTT broker deployment, favoring separation from HA for stability and longevity, with suggestions including running Mosquitto on dedicated hardware or virtual machines using Proxmox or Docker containers. The conversation highlights challenges in maintaining long-term system stability on Raspberry Pi devices and the benefits of virtualization for backup and recovery. Additionally, there is interest in changing the generated MQTT user credentials to avoid reconfiguring multiple clients, though this remains problematic with the current HA MQTT add-on setup.
Generated by the language model.
Today's popular

FAQ

TL;DR: For Home Assistant users who lost MQTT access after the 2024.5 change, the fix is simple: open 1 hidden file and copy the stored Mosquitto password. As one poster put it, "here's a simple solution": read /config/.storage/core.config_entries instead of the reconfigure screen. [#21377946]

Why it matters: Newer Home Assistant versions hide the visible MQTT password, so users can get locked out of existing MQTT devices unless they know where the credential is still stored.

Option Main benefit Main drawback Best fit
HA add-ons Easy central management Tighter coupling to HA updates Small, simple setups
Separate Docker containers Easy config-folder backups More services to manage Modular long-term setups
Full virtual machines on Proxmox Simple rollback and migration More overhead and complexity Remote support and long-lived systems

Key insight: The thread’s main takeaway is to decouple critical services. Keep MQTT, Zigbee2MQTT, and automation portable, because credentials, updates, and recovery are easier when one UI change cannot block the whole system.

Quick Facts

  • Home Assistant 2024.5 changed the MQTT reconfigure view so the real password no longer appears there and may show password_not_changed instead. [#21377946]
  • The password discussed in the thread is still stored in /config/.storage/core.config_entries, and .storage is a hidden directory. [#21377946]
  • One long-term setup in the thread uses Raspberry Pi 5 with 8GB RAM, a USB3 SSD, Proxmox, one VM for Home Assistant, and a second Linux VM for Zigbee2MQTT. [#21378680]
  • A separate always-on Linux/OMV server mentioned in the thread has already run for over 8 years, while another industrial control panel example has run for 25 years. [#21380945]
  • MQTT is described as a simple protocol, and one poster notes that "everyone uses the old 3.x version" in practice. [#21378680]

How can I recover a lost MQTT password from the Mosquitto broker in newer Home Assistant versions?

You can recover it by reading Home Assistant’s stored config file instead of the MQTT reconfigure screen. 1. Access the Home Assistant file system. 2. Open /config/.storage/core.config_entries. 3. Search for Mosquitto and copy the saved password without editing the file. This works because the credential still exists in storage even after the UI change introduced around Home Assistant 2024.5. [#21377946]

Why does the MQTT password field in Home Assistant show "password_not_changed" instead of the real password?

It shows password_not_changed because newer Home Assistant versions no longer expose the real Mosquitto password in the reconfigure form. The thread identifies this as a recent behavior change and contrasts it with older versions where the password was visible and easy to copy. The practical effect is that the UI stops being a recovery point, even though the real credential remains stored internally. [#21377946]

Where in Home Assistant can I find the Mosquitto MQTT password now that it is hidden in the reconfigure menu?

You now find it in Home Assistant’s internal storage, not in Devices & Services → MQTT. Open the core.config_entries file under /config/.storage/, then search for the Mosquitto entry. The thread states this is the current workaround after the password stopped appearing in the reconfigure menu in Home Assistant 2024.5. [#21377946]

What is the exact path to the Home Assistant file that stores MQTT credentials, and how do I open it safely?

The exact path is /config/.storage/core.config_entries. Open that file with a text editor, search for Mosquitto, and copy the password only. Do not modify the file, because the poster explicitly warns to use it as read-only for recovery. That caution matters because core.config_entries is part of Home Assistant’s internal configuration store. [#21377946]

How do I access the hidden .storage directory in Home Assistant to read core.config_entries?

Access Home Assistant’s file system with a share or file-access method, then enable viewing hidden folders so .storage becomes visible. The thread author used SMB integration from Windows, but also notes that any other file access solution should work. The key detail is that .storage is hidden, so you must reveal hidden directories before opening core.config_entries. [#21377946]

What precautions should I take before viewing Home Assistant's core.config_entries file to copy an MQTT password?

Treat the file as read-only and copy the password without changing anything. The thread gives one clear warning: do not edit core.config_entries. A safe workflow is to open it in a plain text editor, search for Mosquitto, copy the credential, and close the file. The main failure case is accidental edits to an internal Home Assistant storage file. [#21377946]

How do I use the recovered Home Assistant Mosquitto password to configure devices like OpenBeken?

Use the recovered password as the MQTT credential on each client device that connects to the Home Assistant Mosquitto broker. The thread gives OpenBeken as a concrete example and shows the recovered password being copied into device configuration. This avoids creating a new MQTT user and avoids reinstalling the Home Assistant MQTT setup just to reconnect existing clients. [#21377946]

What is Proxmox, and why would someone run Home Assistant and Zigbee2MQTT on it instead of directly on Raspberry Pi OS?

"Proxmox is a virtualization platform that runs separate virtual machines, isolating services and simplifying rollback." In the thread, one user runs it on a Raspberry Pi 5 with 8GB RAM and a USB3 SSD, then keeps Home Assistant in one VM and Zigbee2MQTT in another. The stated reason is resilience: monthly HA updates become safer when you can stop a VM, copy its image, and restore it if something breaks. [#21378680]

What is the QCOW2 format, and how does it help with backups and migration of Home Assistant virtual machines?

"QCOW2 is a virtual disk format that stores a VM image in a portable file, easing copying, rollback, and migration." The thread praises QCOW2 because its format is considered stable over time and easy to move between machines. That makes Home Assistant recovery faster: if a boot fails, you can restore a previous working VM image instead of repairing a damaged live system. [#21382398]

Home Assistant add-ons vs separate Docker containers vs full virtual machines — which setup is better for a smart home meant to last for years?

Separate containers or full VMs are presented as better long-term choices than keeping everything inside Home Assistant add-ons. One poster prefers separate Docker services because backups are just copies of each service’s config folder. Another prefers full virtualization for easy image rollback and remote recovery. The thread’s shared pattern is decoupling: keep MQTT, Zigbee2MQTT, and HA separable so one update does not threaten the whole stack. [#21382130]

What is Zigbee2MQTT, and why do some users prefer to keep it separate from Home Assistant?

"Zigbee2MQTT is a bridge service that connects Zigbee devices to an MQTT broker, keeping radio-device control independent from Home Assistant." In the thread, users separate it because new hardware may force updates, while MQTT and automation can remain more stable. One example setup runs Zigbee2MQTT in its own Linux VM so it can be updated or rebuilt without disturbing Home Assistant. [#21378680]

How should I design a smart home system with Mosquitto, Home Assistant, and Zigbee2MQTT for long-term reliability over 10 to 20 years?

Design it as three separate layers: MQTT broker, device bridge, and automation. The thread recommends Mosquitto as the common point, devices and Zigbee2MQTT communicating through it, and Home Assistant acting as only one automation layer. A concrete example targets 15–20 years by isolating MQTT, placing HA and Zigbee2MQTT on separate VMs, and keeping restores simple when updates fail. [#21378680]

What backup strategy works best for Home Assistant, Mosquitto, and Zigbee2MQTT on Raspberry Pi 5 with SSD storage?

The strongest strategy in the thread is image-level backup plus offline copy. One user stops the VM before major updates, copies the image, and restores it if the new version fails. On a Raspberry Pi 5 with an 8GB model and USB3 SSD, that same user also unplugged the USB drive and cloned it to a classic HDD. That gives both fast recovery and a second physical copy. [#21378680]

How do I change the auto-generated MQTT username and password in a new Home Assistant Mosquitto add-on installation so existing clients can keep their old credentials?

The thread does not provide a confirmed method to change the auto-generated Home Assistant Mosquitto credentials. The only direct statement is a later question from a user who wanted to reuse old Domoticz-era credentials across several dozen clients and could not solve it in the new HA MQTT add-on flow. So this thread answers recovery, not verified credential replacement. [#21566147]

What hardware and software choices make the most sense for a durable Home Assistant setup: Raspberry Pi 5 with passive cooling, Docker, native installs, or virtualization?

The thread supports two durable patterns: lightweight native or containerized services, and full virtualization when backup speed matters most. One poster favors Raspberry Pi 5, passive cooling, Samsung T7, Proxmox, and separate VMs. Others prefer Docker or native installs to save RAM and CPU. The clearest rule is practical: choose the simplest stack you can restore quickly after failure, especially over 10–25 years. [#21380945]
Generated by the language model.
ADVERTISEMENT