/run/agenix/...: No such file or directory #13
Unfortunately I have no idea what's going on there. That definitely sounds like a problem related to rage in some way, especially if age works. Do you have the pcsc-lite daemon running? Does it work outside of agenix-rekey? Maybe I can add an option in the future to choose between the two.
Yes you should always rekey as yourself, sorry if that wasn't clear. Maybe a future change will remove the need for that. I chose to split the rekeyed secrets by UID to prevent other users from being able to hijack rekeyed secrets between rekey- and build-time.
This looks like a general issue with how you are using agenix. So you are trying to use the decrypted result of a secret at build time, which creates a chicken-egg problem. The secret is only created after building and switching, but building is only possible if the file is already in /run/agenix. Usually you would use agenix with options that are called A simple fix for this should be to create a link to the decrypted file instead of referencing it directly:
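Added example, not part of the thread and not code from agenix-rekey: one way to link to the decrypted file from Home Manager instead of referencing it directly. It assumes Home Manager is loaded as a NixOS module (so `osConfig` is available) and uses Home Manager's `config.lib.file.mkOutOfStoreSymlink` helper; the secret and file names are the ones from the issue.

```nix
# Home Manager module (added example).
{ config, osConfig, ... }:
let
  # Runtime location of the decrypted secret, e.g. /run/agenix/piknikHybridConfig.
  # At evaluation and build time this is only a string: the file itself does
  # not exist until agenix decrypts it while the system is being activated.
  secretPath = osConfig.age.secrets.piknikHybridConfig.path;
in
{
  # Build-time reference (what the issue does). Home Manager reads the source
  # file while building the generation, so the build stops with
  # "getting status of '/run/agenix/piknikHybridConfig': No such file or directory".
  #
  #   home.file.".config/piknik/piknik.toml".source = secretPath;

  # Link instead of reference. mkOutOfStoreSymlink builds a tiny derivation
  # whose output is a symlink pointing at secretPath. Only the path string
  # ends up in the Nix store, never the decrypted content, and the link is
  # resolved when piknik opens the file, after agenix has created it.
  home.file.".config/piknik/piknik.toml".source =
    config.lib.file.mkOutOfStoreSymlink secretPath;

  # The link target keeps the ownership and mode that agenix applied on the
  # NixOS side (age.secrets.<name>.owner / group / mode), so the Home Manager
  # user needs read access to the decrypted file for this to be usable.
}
```

The link resolves only after the NixOS activation that decrypts the secret has run; until then it dangles, which does not stop the build.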
@oddlama thank you so much for all of your help!
Adding an option to switch to
A quick note in the docs would be appreciated for n00bies like me 😄
How does agenix-rekey determine the UID? I'm a little confused here because I was running everything as
So here's the weird thing. I got so carried away with the possibility of using your library that I never actually tried setting up vanilla agenix the "normal" way with SSH keys and so on, I went straight into using agenix-rekey. Last night, after opening this issue, I decided to try a standard agenix setup. As I was looking through their repo, I noticed that home-manager (HM) integration is far from a stable thing, even though--as the first comment points out--merely passing agenix paths to HM modules shouldn't require any special integration. I also used On a hunch, I tried generating the file in The question is, why? When I use the
I just tried it and it works, thank you so much for this hint. I only had to adjust the
And for good measure for those coming from the Internet: if you try to confirm the presence of your secret inside of
Hi there! Thank you so much for your work on this library, I'm stubbornly wedded to the idea of using it.
Unfortunately, I've been struggling to get it working on my NixOS machine. Here are the issues I've run into:
`agenix rekey`, `rage` gets stuck on the `Please insert YubiKey with serial` prompt. If I insert my YubiKey, it doesn't recognize it. Whether I press "y" or "n", doesn't matter, it just repeats the same prompt over and over again. The same problem doesn't happen with `age` for some reason, so I got around this issue by forking your repo and replacing references to `rage` with `age`. Kinda dumb but it works enough to get me to the next error...

`agenix rekey`, for the longest time I kept bashing my head against the `At least one rekeyed secret is missing, please run agenix rekey again` error. In the end, I noticed that it kept printing a path: `rekeyed secret: /tmp/agenix-rekey.1000/...`. Hmm, the `1000` looks suspiciously like a user uid. The problem was that I was prefixing with `sudo`, as in `sudo agenix rekey`. The error went away when I stopped running the command with elevated privileges (after adding my user to `allowed_users` in my nix config).

Which leads me to my final problem that I can't get around:

`agenix rekey`, I keep seeing this error: `getting status of '/run/agenix/piknikHybridConfig': No such file or directory`. `piknikHybridConfig` is a secret that I've set up in my NixOS modules, which I'm trying to reference within Home Manager using `home.file.".config/piknik/piknik.toml".source = osConfig.age.secrets.piknikHybridConfig.path`.

The relevant NixOS module looks like:
The full reference to my secret looks like this:
Any ideas what might be going wrong?