Can/how do you manage ssh authorized keys with sops-nix?

sops-nix only allows for you to grab the path of the key files for security reasons, but
users.users.<user>.openssh.authorizedKeys.keyFiles = [config.sops.secrets.ssh-<machine>.path ]

causes
error: access to absolute path '/run/secrets/<ssh config for machine>' is forbidden in pure eval mode (use '--impure' to override) on build.

I assume there has to be a better way to extract keys from sops-nix for authorizedKeys, but googling around and searching the forum hasn’t yet found much in terms of solutions for this particular use.

Still no luck figuring this out.

It’s not a huge concern to me right now, so I’m going back to pubkeys sitting in my git repo for now until I get the motivation to dive this again. I’ll report back if I find anything useful.