You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm able to use agenix (the CLI) with age or rage using the age-plugin-yubikey, but when using agenix as NixOS module and referencing secrets, agenix is not able to invoke the age or rage commands and have them detect the installed plugin.
When running sudo nixos-rebuild, age doesn't want to invoke the age-plugin-yubikey. Or using rage, it can't find the plugin at all.
# Configure agenixage={ageBin="${pkgs.age}/bin/age";#ageBin = "${pkgs.rage}/bin/rage";identityPaths=[../identity.txt];# Reference age secret filessecrets={bar={file=../secrets/bar.age;};};};
# age 1.1.1
$ sudo nixos-rebuild switch
...
[agenix] decrypting secrets...
decrypting '/nix/store/7daqifqz4avszwsm5r2kmf2lvqmw00zx-bar.age' to '/run/agenix.d/30/bar'...
age: error: yubikey plugin: couldn't start plugin: age-plugin-yubikey resolves to executable in current directory (./age-plugin-yubikey)
# rage 0.9.2
$ sudo nixos-rebuild switch
...
[agenix] decrypting secrets...
decrypting '/nix/store/7daqifqz4avszwsm5r2kmf2lvqmw00zx-bar.age' to '/run/agenix.d/31/bar'...
Error: Could not find 'age-plugin-yubikey' on the PATH.
Have you installed the plugin?
Both age and rage are able to detect and use the plugin when I use them directly or when I use the agenix CLI. I've tried installing them with both environment.systemPackage and home-manage home-packages. I think this is something to do with the nixos-rebuild environment's view of the PATH, like it just can't see plugins in general. Is there a way to tell this module about these plugins that I'm missing?
I’m pretty sure you should be able to wrap age and overwrite ageBin so that it always has the plugin in PATH. That could potentially work, at least as a workaround until there’s first party support for that in agenix
I'm able to use
agenix
(the CLI) withage
orrage
using theage-plugin-yubikey
, but when usingagenix
as NixOS module and referencing secrets,agenix
is not able to invoke theage
orrage
commands and have them detect the installed plugin.When running
sudo nixos-rebuild
,age
doesn't want to invoke theage-plugin-yubikey
. Or usingrage
, it can't find the plugin at all.Both
age
andrage
are able to detect and use the plugin when I use them directly or when I use theagenix
CLI. I've tried installing them with both environment.systemPackage and home-manage home-packages. I think this is something to do with the nixos-rebuild environment's view of the PATH, like it just can't see plugins in general. Is there a way to tell this module about these plugins that I'm missing?Related: #115
The text was updated successfully, but these errors were encountered: