The "unencrypted identity" warning is triggered when it shouldn't be
Closed this issue · 1 comments
The warning at agenix-rekey/modules/agenix-rekey.nix (lines 163 to 164 in dbe0dc1) gets triggered, AFAICT, in any case some master identity path is not ending with .pub or .age, even when it's specified as a string referencing something outside the nix store (which is, mind, an option endorsed by the warning itself).
I'm not a Nix expert by a long shot, but I don't think anything's copied to the nix store if I have something like, e.g., age.rekey.masterIdentities = [ "/home/user/.ssh/id_ed25519" ];?
Perhaps consider checking builtins.isPath in agenix-rekey/modules/agenix-rekey.nix (line 160 in dbe0dc1)?
Yes, you're right, this shouldn't occur in that case. Probably an oversight of mine because most users are using keygrabs. Generally it's okay to refer to a path outside your nix flake via a string, but not via an (impure) nix path. So using isString should indeed solve that, will add that right now.
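
The distinction discussed in this thread, as an added example that is not agenix-rekey's own code: a predicate that flags a master identity only when it is a Nix path value (which is copied into the world-readable store when interpolated) and does not end in .pub or .age. The names hasSafeSuffix, wouldLeak and samples, and the sample identities, are assumptions constructed for illustration.

```nix
# Added example, not the module's implementation.
# Evaluate with: nix-instantiate --eval --strict example.nix
let
  # True when the identity's file name ends in .pub or .age, i.e. it is a
  # public key or an encrypted identity and may safely live in the store.
  # toString on a path yields its absolute path without copying anything.
  hasSafeSuffix = id: builtins.match ".*\\.(pub|age)" (toString id) != null;

  # Only a Nix path value ends up in the store when it is interpolated into
  # a derivation or script. A plain string is passed through unchanged and
  # the file is read from its original location at rekey time.
  wouldLeak = id: builtins.isPath id && !(hasSafeSuffix id);

  # Constructed sample identities covering the cases raised in the issue.
  samples = {
    # String outside the store: must not trigger the warning.
    stringOutsideStore = "/home/user/.ssh/id_ed25519";
    # Path value to an unencrypted private key: the case the warning is for.
    pathPlain = /home/user/.ssh/id_ed25519;
    # Path values with a safe suffix: no warning needed.
    pathPub = /home/user/.ssh/id_ed25519.pub;
    pathAge = ./secrets/master.age;
  };
in
  # Attribute set mapping each sample name to whether it should warn.
  builtins.mapAttrs (_name: wouldLeak) samples
```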