Agenix Clarification Questions - Replace in-place strings and key locations

Hi there, I was reading the wiki entry on agenix. Had a few quick questions for clarification.

  • While there is a “workaround” to replace strings/secrets, does anyone know if there are plans to support this officially in Agenix? Or is there a better way to deal with this?
  • What confuses me about the current replace method: how would this work if you are using home-manager and your config files are symlinks?
  • When creating the /etc/nixos/secrets/secrets.nix file and adding your pub keys, how does the system know which private keys in ~/.ssh to use? Even though the instructions show that you create the secret with agenix -e secret1.age, I assume you need to pass in the desired private key with the -i flag.
  • The instructions discuss using ssh-keyscan to get your pub key. I assume I can just cat my pub key in my ~/.ssh folder and paste that in as well?

Maybe I am confused about the structures and behaviour here and am missing something. 🙂

Thank you.