Agenix problems

I’m trying to use agenix to manage encrypted secrets on my NixOS machine. I’m starting with my git signing key; I told agenix in my secrets.nix that I only wanted to sign this secret with both the system’s and user’s ed2115 SSH keys. Why is it that agenix -e git_signing_key.age asks me for my RSA key password?

Sounds like something that shouldn’t happen. You mean something like this?

A full example would be helpful.

1 Like

Exactly like that. I will have a concrete example soon

Concrete example that fails with the same error

secrets/secrets.nix

let
  rocky = "ssh-ed25519";
  elaine = "ssh-ed25519";
in
{
  "secret1.age".publicKeys = [ rocky elaine ];
}

And the actual secret could be anything :slight_smile:

Time to take it to GitHub?

Unfortunately, I cannot reproduce this. Maybe opening an upstream issue with detailed instructions about your setup and the steps you executed is the best way forward.

cc @ryantm