Error when trying to edit file
a12l opened this issue · 8 comments
When I try to edit the file a12l_password.age I get an error message
$ ragenix -e a12l_password.age
error: secrets rules are invalid: './secrets.nix'
Failed to read ./secrets.nix as JSON
My expected result is that my $EDITOR starts with the decrypted file in a buffer.
This is my secrets.nix file:
let
  a12l = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9yYBrcu2A7N5S93yOgK7J9wNcMUWMN2va2cd7srZ6m";
  users = [a12l];
  p-desktop1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK1YN6HPXhnwhxr/qzvIstjLP70h+EXJ95/Ilsrl9W/0";
  systems = [p-desktop1];
in {"a12l_password.age".publicKeys = [a12l p-desktop1];}
I've looked at
$ ragenix --schema
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "description": "Agenix secrets rules schema",
  "type": "object",
  "properties": {},
  "additionalProperties": {
    "type": "object",
    "description": "An age-encrypted file",
    "required": [
      "publicKeys"
    ],
    "properties": {
      "publicKeys": {
        "type": "array",
        "minItems": 1,
        "items": {
          "type": "string",
          "description": "An age-compatible recipient, e.g., an ed25519 SSH public key"
        },
        "uniqueItems": true
      }
    }
  }
}
but I don't know when the schema is checked in the evaluation process.
Thanks for reporting! Unfortunately, I cannot reproduce this: the given secrets.nix works fine with ragenix -e a12l_password.age, i.e., my $EDITOR opens the (new) file for editing.
Maybe ragenix fails to execute nix. Does the following work for you?
nix --extra-experimental-features nix-command eval -f secrets.nix --json
> Maybe ragenix fails to execute nix. Does the following work for you?
$ nix --extra-experimental-features nix-command eval -f secrets.nix --json
{"a12l_password.age":{"publicKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9yYBrcu2A7N5S93yOgK7J9wNcMUWMN2va2cd7srZ6m","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK1YN6HPXhn
Addendum:
I've enabled all the necessary features (I think), and have the latest Nix stable version from unstable.
nix = {
  package = pkgs.nixStable;
  extraOptions = ''
    experimental-features = nix-command flakes recursive-nix
    keep-outputs = true
    keep-derivations = true
  '';
  systemFeatures = ["recursive-nix"];
}
So this works
$ nix eval -f secrets.nix --json
{"a12l_password.age":{"publicKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9yYBrcu2A7N5S93yOgK7J9wNcMUWMN2va2cd7srZ6m","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK1YN6HPXhnwhxr/qzvIstjLP70h+EXJ95/Ilsrl9W/0"]}}
$ nix --version
nix (Nix) 2.6.1
I'm using the latest commit of Ragenix on main.
Could you please retry with the latest main (I've just merged #99)? I have my doubts that this helps but who knows.
> Could you please retry with the latest main (I've just merged #99)? I have my doubts that this helps but who knows.
Done. But the problem persists. :(
I'm running into the same issue while attempting to --rekey on x86_64-darwin.
I've run nix eval on the file with no issues. The original agenix command is also able to read the file and rekey.
❯ ragenix --verbose --rekey
error: secrets rules are invalid: './secrets.nix'
Failed to read ./secrets.nix as JSON
❯ nix --version
nix (Nix) 2.8.0
I'm wondering if it has something to do with the use of defining variables with let ... in at the beginning of the file…?
Edit: Doesn't seem to be caused by the variables… I took the time to copy the keys verbatim into each secret's publicKeys list and removed the let ... in, but I still get the same error.
Yeah I have no idea. I reduced my secrets.nix to just the following:
{
  "wireless.env.age".publicKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsVn0I6Q0rL94W2V89efhUiffAeJfDtHYcW6czXcPkh"
  ];
}
And still the same error.
I've also come across this issue... But only running in a terminal inside of VS Code. Other terminals were OK.
I looked through the differences in the environments and ragenix --rekey broke immediately when the LD_LIBRARY_PATH variable was defined:
$ ragenix --rekey
Rekeying /home/x/nix-secrets/test.age
$ declare -x LD_LIBRARY_PATH="/run/current-system/sw/share/nix-ld/lib"
$ ragenix --rekey
error: secrets rules are invalid: './secrets.nix'
Failed to read ./secrets.nix as JSON
This variable exists (apparently only in VS Code environments for me) because I also have nix-ld installed to allow VS Code extensions and other binaries to work in NixOS and other systems. So I'm wondering if something about the substituted libraries coming from nix-ld and the LD_LIBRARY_PATH might be interfering with ragenix.
As others have reported, agenix continues to work as intended.
The contents of secrets.nix don't appear to matter.
Hope this helps. 🙂
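The comparison made in the last comment (same command, with and without LD_LIBRARY_PATH) can be scripted as below. This is an added example, not code from the thread or from ragenix; the function names, the stand-in tool and the path value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the ragenix project).
# Differential check: does LD_LIBRARY_PATH change the outcome of a command?

# Run a command with LD_LIBRARY_PATH removed from that one invocation only;
# the subshell keeps the calling shell's environment untouched.
run_clean() {
    ( unset LD_LIBRARY_PATH; "$@" )
}

# Run the command twice (as-is, then via run_clean) and print a verdict:
#   unset             variable is not set, nothing to compare
#   no-effect         succeeds both ways
#   breaks            fails with the variable, succeeds without it
#   fails-regardless  fails both ways, so look elsewhere
#   needs-it          succeeds only with the variable set
# The command is executed twice, so pass one that is safe to repeat.
ld_path_diff() {
    if [ -z "${LD_LIBRARY_PATH+x}" ]; then
        echo "unset"
        return 0
    fi
    with=0;    "$@" >/dev/null 2>&1 || with=$?
    without=0; run_clean "$@" >/dev/null 2>&1 || without=$?
    if [ "$with" -eq 0 ] && [ "$without" -eq 0 ]; then
        echo "no-effect"
    elif [ "$with" -ne 0 ] && [ "$without" -eq 0 ]; then
        echo "breaks"
    elif [ "$with" -ne 0 ]; then
        echo "fails-regardless"
    else
        echo "needs-it"
    fi
}

# Constructed stand-in for an affected tool: fails whenever the variable is set.
stand_in_tool() {
    [ -z "${LD_LIBRARY_PATH+x}" ]
}

# Demo with a constructed path value; prints "breaks".
( export LD_LIBRARY_PATH="/constructed/nix-ld/lib"; ld_path_diff stand_in_tool )
```

In a terminal that shows the error, `ld_path_diff ragenix --rekey` makes the same comparison, and `run_clean ragenix --rekey` runs the command once without the variable while leaving the rest of the session unchanged.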