Issue with getting started with sops-nix

Oneechan69 · July 9, 2025, 6:56pm

I’m trying to follow this tutorial for sops-nix Managing Secrets in NixOS Home Manager with SOPS. Under Create and Encrypt the Secrets File, I tried nix-shell -p sops --run "sops secrets.yaml" but I keep getting config file not found, or has no creation rules, and no keys provided through command line options, despite .sops.yaml existing in the current directory. What do I do? Is there something I’m missing?

Also, let me know if there’s a better tutorial that explains things for noobs that never used sops at all.

waffle8946 · July 9, 2025, 11:34pm

Post the contents of your .sops.yaml (you can redact the keys if you want, but copy everything else exactly, yaml is whitespace-sensitive).

Oneechan69 · July 15, 2025, 1:01am

The article had the indentation wrong for .sops.yaml, it’s supposed to look like this:

keys:
  - &host_hostname <youragekey>
creation_rules:
  - path_regex: secrets.yaml$
    key_groups:
    - age:
      - *host_hostname

waffle8946 · July 15, 2025, 1:55am

Yeah, that’s in the readme… generally articles by random users are not the best quality. Prefer upstream docs.

github.com/Mic92/sops-nix

README.md?plain=1

2c8def626


      
          ```yaml
          # This example uses YAML anchors which allows reuse of multiple keys 
          # without having to repeat yourself.
          # Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
          # for a more complex example.
          keys:
            - &admin_alice 2504791468b153b8a3963cc97ba53d1919c5dfd4
            - &admin_bob age12zlz6lvcdk6eqaewfylg35w0syh58sm7gh53q5vvn7hd7c6nngyseftjxl
          creation_rules:
            - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
              key_groups:
              - pgp:
                - *admin_alice
                age:
                - *admin_bob
          ```