diff --git a/base/Dockerfile b/base/Dockerfile
index 6240fd6..e754f5c 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -14,11 +14,14 @@ ENV \
 # Copy root filesystem
 COPY rootfs /
 
+# Copy yq
+ARG BUILD_ARCH=amd64
+COPY bin/yq_${BUILD_ARCH} /usr/bin/yq
+
 # Set shell
 SHELL ["/bin/ash", "-o", "pipefail", "-c"]
 
 # Install base system
-ARG BUILD_ARCH=amd64
 RUN \
     set -o pipefail \
     \
diff --git a/base/bin/yq_aarch64 b/base/bin/yq_aarch64
new file mode 100755
index 0000000..8715c70
Binary files /dev/null and b/base/bin/yq_aarch64 differ
diff --git a/base/bin/yq_amd64 b/base/bin/yq_amd64
new file mode 100755
index 0000000..3393377
Binary files /dev/null and b/base/bin/yq_amd64 differ
diff --git a/base/bin/yq_armhf b/base/bin/yq_armhf
new file mode 100755
index 0000000..bc1575f
Binary files /dev/null and b/base/bin/yq_armhf differ
diff --git a/base/bin/yq_i386 b/base/bin/yq_i386
new file mode 100755
index 0000000..ad301e8
Binary files /dev/null and b/base/bin/yq_i386 differ
diff --git a/base/rootfs/usr/lib/hassio-addons/modules/api.sh b/base/rootfs/usr/lib/hassio-addons/modules/api.sh
index b6446fb..168d5be 100644
--- a/base/rootfs/usr/lib/hassio-addons/modules/api.sh
+++ b/base/rootfs/usr/lib/hassio-addons/modules/api.sh
@@ -72,8 +72,8 @@ hass.api.call() {
 
     hass.log.debug "Requested API resource: ${HASS_API_ENDPOINT}${resource}"
     hass.log.debug "API HTTP Response code: ${status}"
-    hass.log.debug "API Response: ${response}" 
-    
+    hass.log.debug "API Response: ${response}"
+
     if [[ "${status}" -eq 401 ]]; then
         hass.log.error "Unable to authenticate with the API, permission denied"
         return "${EX_NOK}"
diff --git a/base/rootfs/usr/lib/hassio-addons/modules/config.sh b/base/rootfs/usr/lib/hassio-addons/modules/config.sh
index 612a8fa..8f83deb 100644
--- a/base/rootfs/usr/lib/hassio-addons/modules/config.sh
+++ b/base/rootfs/usr/lib/hassio-addons/modules/config.sh
@@ -30,6 +30,11 @@ hass.config.get() {
         return "${EX_OK}"
     fi
 
+    if hass.config.is_secret "${key}"; then
+        hass.config.get_secret "${key}"
+        return "${EX_OK}"
+    fi
+
     if hass.jq.is_string "${ADDON_CONFIG_PATH}" ".${key}"; then
         hass.jq "${ADDON_CONFIG_PATH}" ".${key} // empty"
         return "${EX_OK}"
@@ -53,15 +58,55 @@ hass.config.get() {
         fi
         return "${EX_OK}"
     fi
-    
+
     if hass.jq.is_number "${ADDON_CONFIG_PATH}" ".${key}"; then
         hass.jq "${ADDON_CONFIG_PATH}" ".${key}"
         return "${EX_OK}"
     fi
-    
+
     return "${EX_NOK}"
 }
 
+# ------------------------------------------------------------------------------
+# Gets a configuration option value by getting it from secrets.yaml
+#
+# Arguments:
+#   $1 Key of the config option
+# Returns:
+#   Value of the key in the referenced to the secrets file
+# ------------------------------------------------------------------------------
+hass.config.get_secret() {
+    local key=${1}
+    local secret
+    local value
+
+    hass.log.trace "${FUNCNAME[0]}:" "$@"
+
+    if ! hass.directory_exists "/config"; then
+        hass.die "This add-on does not support secrets!"
+    fi
+
+    if ! hass.file_exists "/config/secrets.yaml"; then
+        hass.die "A secret was requested, but could not find a secrets.yaml"
+    fi
+
+    if ! hass.config.is_secret "${key}"; then
+        hass.die "The requested secret does not reference the secrets.yaml"
+    fi
+
+    secret=$(hass.jq "${ADDON_CONFIG_PATH}" ".${key} // empty")
+    secret="${secret#'!secret '}"
+
+    value=$(yq read "/config/secrets.yaml" "${secret}" )
+
+    if [[ "${value}" = "null" ]]; then
+        hass.die "Secret ${secret} not found in secrets.yaml file."
+    fi
+
+    echo "${value}"
+    return "${EX_OK}"
+}
+
 # ------------------------------------------------------------------------------
 # Checks if a configuration option exists in the config file
 #
@@ -145,3 +190,28 @@ hass.config.false() {
 
     return "${EX_NOK}"
 }
+
+# ------------------------------------------------------------------------------
+# Checks if a configuration option is refering to a secret
+#
+# Arguments:
+#   $1 Key of the config option
+# Returns:
+#   None
+# ------------------------------------------------------------------------------
+hass.config.is_secret() {
+    local key=${1}
+    hass.log.trace "${FUNCNAME[0]}:" "$@"
+
+    if ! hass.jq.is_string "${ADDON_CONFIG_PATH}" ".${key}"; then
+        return "${EX_NOK}"
+    fi
+
+    if [[
+        "$(hass.jq "${ADDON_CONFIG_PATH}" ".${key} // empty")" != '!secret '*
+    ]]; then
+        return "${EX_NOK}"
+    fi
+
+    return "${EX_OK}"
+}