error: Rekeyed secret for age.secrets.<name> not found, please run agenix rekey -a again and make sure to add the results to git.
#31
Comments
The rekeyed secret path looks wrong, since it should be a relative path beginning with your flake's root directory in the store. This happens when you call From what I can see in your config repo, you set the directories like this:
But "${self}/path/to/dir" will copy said path into the nix store as a separate entity as described above. What you should do to avoid this is to use
|
changed
to
ran
|
You probably need to change all |
I made sure to replace all the
could this have something to do with this part of the readme about the nixpkgs version? as far as I understood it, that part is mainly relevant for
|
Okay so I've cloned your repo now and found that for some reason your Changing the definition to force read the key fixes the problem in my local copy of your repo:
hostPubkey = builtins.readFile (self.outPath + "/hosts/${config.networking.hostName}/secrets/host.pub");
Can you confirm whether this works for you too? I have no idea how this could happen, it basically means that the option is not properly coerced, which - to my knowledge - should not be possible... The option should automatically call |
first of all, thanks for your help with this problem.
age.rekey.hostPubkey = "${self}/hosts/${config.networking.hostName}/secrets/host.pub";
fails with
changing that to
hostPubkey = builtins.readFile "${self}/hosts/${config.networking.hostName}/secrets/host.pub";
works fine... I don't have much time to look into this today, but if there's anything you want me to try/run, lmk & I'll get to it tomorrow or so |
I started using agenix-rekey a few weeks ago, but got busy & only got back to further integrating it yesterday. Now I'm trying to deploy a wireguard secret to my main laptop using
age.secrets.einzig_kainas.rekeyFile = "${self}/secrets/wg-cluster/psks/einzig_kainas.age";
After supplying host keys, running agenix generate (I provided a generator script using wg genpsk, took a page out of your config ;) ) & agenix rekey -a, I have the following secrets in my rekey dir:
The error:
After rekeying again & adding everything to git:
The einzig_kainas file is exactly the one from the error I got before...
The new error:
If I rekey again, that file (9a755e82cca785ab054bbbd1f4f67518-einzig_kainas.age) shows up. Any clues as to what's going wrong? Rekeying & generating secrets works fine, which makes me think that I configured everything correctly...
Here is a trace of the error:
trace