FiloSottile/passage

Passage requiring first entry of .age-recipients for decryption

solomon-b opened this issue · 5 comments

I've set up three YubiKeys with age and configured passage to use them by running, once for each YubiKey:

➜ age-plugin-yubikey --identity >> $HOME/.passage/identities
➜ age-plugin-yubikey --list >> $HOME/.passage/store/.age-recipients

I then generated a test password and am only able to decrypt it with the first yubikey I added to the .age-recipients file:

➜ passage test/pass
Please insert YubiKey with serial 19234119: (y/n)

I noticed issue #7 addresses my question. The expected behavior should be that after a timeout I am able to use the alternate key(s); however, passage is sitting at this prompt:

passage test
Please insert YubiKey with serial 22388305: (y/n) Waiting for age-plugin-yubikey...

I think passage is great but it seems to be designed entirely around 1 machine with 1 key which is unfortunate. Ideally it would be trivial to have the password repository on multiple machines, each with their own yubikey (i.e. each connected to a 5C nano).

have the password repository on multiple machines, each with their own yubikey

This is totally doable: on each machine you use a different identities file listing its associated YubiKey, and you put all recipients in the recipient file.

What I think @solomon-b is trying to do is to have multiple YubiKeys listed in the same identities file on the same machine. That will try them in order, but should work. What happens if you type n at the (y/n) prompt? What version of age are you using?
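The setup described in the reply (one identities file per machine, every machine's recipient in the store's .age-recipients) is easy to get wrong with the two `>>` commands from the opening post, because `--identity` and `--list` write to different files and the recipients file is the one that lives inside the git-tracked store. The checker below is an added example for this thread, not code from passage or age-plugin-yubikey. It parses the `#    Serial:` and `#    Recipient:` header comments that `age-plugin-yubikey --identity` writes, and the bare recipient lines from `age-plugin-yubikey --list`, then reports which local identities the store can decrypt to, which recipients belong to other machines, and whether an identity string was appended to the recipients file by mistake. The file contents embedded below are constructed samples with fake serials and truncated key strings, not real keys.

```python
"""Check a passage store's .age-recipients against this machine's identities.

Added example for the FiloSottile/passage thread above; not part of passage
or age-plugin-yubikey. Assumes the header format age-plugin-yubikey writes
(`#       Serial: N, Slot: S` and `#    Recipient: age1yubikey1...` comment
lines followed by the bare identity or recipient string).
"""
import re
from dataclasses import dataclass

# Constructed sample of `age-plugin-yubikey --identity` output for two keys
# appended to $HOME/.passage/identities (fake serials, truncated strings).
SAMPLE_IDENTITIES = """\
#       Serial: 11111111, Slot: 1
#         Name: age identity aaaa
#      Created: 2022-01-01 00:00:00
#   PIN policy: Once
# Touch policy: Always
#    Recipient: age1yubikey1qaaaa
AGE-PLUGIN-YUBIKEY-1AAAA

#       Serial: 22222222, Slot: 1
#         Name: age identity bbbb
#      Created: 2022-01-02 00:00:00
#   PIN policy: Once
# Touch policy: Always
#    Recipient: age1yubikey1qbbbb
AGE-PLUGIN-YUBIKEY-1BBBB
"""

# Constructed sample .age-recipients: covers the second key, lists a third
# key from another machine, and contains an identity string that someone
# appended with `--identity` instead of `--list` (a secret in a tracked file).
SAMPLE_RECIPIENTS = """\
#       Serial: 22222222, Slot: 1
age1yubikey1qbbbb
#       Serial: 33333333, Slot: 1
age1yubikey1qcccc
AGE-PLUGIN-YUBIKEY-1AAAA
"""

_SERIAL = re.compile(r"^#\s*Serial:\s*(\d+)")
_RECIPIENT = re.compile(r"^#\s*Recipient:\s*(\S+)")
# Prefixes of strings that are secrets and must never sit in .age-recipients.
SECRET_PREFIXES = ("AGE-PLUGIN-", "AGE-SECRET-KEY-")


@dataclass(frozen=True)
class Identity:
    serial: str
    recipient: str
    secret: str


def parse_identities(text: str) -> list[Identity]:
    """Return identities in file order; age tries them in exactly this order,
    so the first YubiKey listed is the one the plugin prompts for first."""
    found, serial, recipient = [], "?", "?"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _SERIAL.match(line):
            serial = m.group(1)
        elif m := _RECIPIENT.match(line):
            recipient = m.group(1)
        elif not line.startswith("#"):
            found.append(Identity(serial, recipient, line))
            serial, recipient = "?", "?"
    return found


def parse_recipients(text: str) -> list[str]:
    """Bare non-comment lines of .age-recipients, in file order."""
    lines = (l.strip() for l in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]


def check_store(identities_text: str, recipients_text: str) -> dict:
    """Cross-check the local identities against the store's recipients."""
    ids = parse_identities(identities_text)
    recips = parse_recipients(recipients_text)
    leaked = [r for r in recips if r.upper().startswith(SECRET_PREFIXES)]
    local = {i.recipient for i in ids}
    return {
        "prompted_first": ids[0].serial if ids else None,
        "covered": [i.serial for i in ids if i.recipient in recips],
        "uncovered": [i.serial for i in ids if i.recipient not in recips],
        "other_machines": [r for r in recips if r not in local and r not in leaked],
        "leaked_secrets": leaked,
    }


if __name__ == "__main__":
    report = check_store(SAMPLE_IDENTITIES, SAMPLE_RECIPIENTS)
    for key, value in report.items():
        print(f"{key:15}: {value}")
    if report["leaked_secrets"]:
        print("ERROR: identity strings in .age-recipients; remove them and "
              "rotate, since the store is usually committed to git")
```

On real files, run it as `check_store(open(identities_path).read(), open(recipients_path).read())`. An identity reported as `uncovered` means passwords encrypted with the current recipients file cannot be opened by that YubiKey at all, which is a different failure from the prompt in the opening post (there the recipient is present but the key is not plugged in, and age is working through the identities file in order).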