Need some sops help

I have sops set up, and secrets are working and enabled since I can boot and log in to the system without issues. But when I try to edit the sops secrets.yaml I can't decrypt it; the error is basically the same whether I use sudo or not, so this has been making me crazy.

❯ sops /etc/nixos/secrets.yaml
Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED
  age1tv9ws7tdvqm2k035766qmnwg5av7hxqkcegt68gwt6cyphs68fmsf82tdt: FAILED
    - | failed to load age identities. Errors while loading age
      | identities: failed to open file: open
      | /etc/ssh/ssh_host_ed25519_key: permission denied. Did not
      | find keys in locations '/home/phatle/.ssh/id_ed25519',
      | '/home/phatle/.ssh/id_rsa', 'SOPS_AGE_KEY',
      | 'SOPS_AGE_KEY_FILE', 'SOPS_AGE_KEY_CMD', and
      | '/home/phatle/.config/sops/age/keys.txt'.

Recovery failed because no master key was able to decrypt the file. In
order for SOPS to recover the file, at least one key has to be successful,
but none were.

Ensure your .sops.yaml is correct and that you have the corresponding key available.

It is exactly as it says: you have no keys to decrypt the file. What does that key represent? You should create yourself a user age key and make it available so that you can decrypt things without having to jump through hoops.

1 Like

https://github.com/getsops/sops?tab=readme-ov-file#using-sops-yaml-conf-to-select-kms-pgp-and-age-for-new-files

1 Like

Thank you for all the help. The solution was so simple in the end: I never made a user key or keys.txt in /home/user/.config/sops/age/. After that it was all easy to go forward and add more keys to secrets.

2 Likes
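
As an added example (not part of any post in this thread and not sops' own code), the shell function below checks the identity locations named in the error output above and reports which ones the current user can actually load. The function names are assumptions made for this sketch; it looks only at the paths and environment variables that the error message lists.

```shell
#!/bin/sh
# Added example: check the age identity sources listed in the sops error.

# check_file LABEL PATH: print a status line, return 0 only if readable.
check_file() {
    if [ ! -e "$2" ]; then
        echo "missing     $1: $2"; return 1
    elif [ ! -r "$2" ]; then
        echo "unreadable  $1: $2 (as user $(id -un))"; return 1
    fi
    echo "readable    $1: $2"
}

# check_age_sources HOME_DIR [HOST_KEY]
# Returns 0 if at least one identity source can be loaded, 1 otherwise.
# A loadable identity must still match a recipient of the encrypted file.
check_age_sources() {
    home=$1
    host_key=${2:-/etc/ssh/ssh_host_ed25519_key}
    keys_txt="$home/.config/sops/age/keys.txt"
    usable=1

    [ -n "${SOPS_AGE_KEY:-}" ] && { echo "set         SOPS_AGE_KEY"; usable=0; }
    [ -n "${SOPS_AGE_KEY_CMD:-}" ] && { echo "set         SOPS_AGE_KEY_CMD"; usable=0; }
    if [ -n "${SOPS_AGE_KEY_FILE:-}" ]; then
        check_file SOPS_AGE_KEY_FILE "$SOPS_AGE_KEY_FILE" && usable=0
    fi
    for f in "$host_key" "$home/.ssh/id_ed25519" "$home/.ssh/id_rsa"; do
        check_file "ssh key" "$f" && usable=0
    done
    if check_file "age keys.txt" "$keys_txt"; then
        if grep -q '^AGE-SECRET-KEY-' "$keys_txt"; then
            usable=0
        else
            echo "WARNING     no AGE-SECRET-KEY line in $keys_txt"
        fi
        # Private key material should not be readable by group or other.
        [ "$(ls -ld "$keys_txt" | cut -c5-10)" = "------" ] ||
            echo "WARNING     $keys_txt is open to group/other; chmod 600"
    fi
    return $usable
}

check_age_sources "${HOME:-/nonexistent}" ||
    echo "No loadable age identity for $(id -un); sops cannot decrypt."
```

If nothing is loadable, `age-keygen -o ~/.config/sops/age/keys.txt` creates a user key. Its public key then has to be added as a recipient in .sops.yaml and applied to the file with `sops updatekeys`, run from an account that can already decrypt it.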