Closed Lukas-C closed 3 months ago
I was met with the following output:
[...] error: Cannot generate as it isn't a direct subpath of the flake directory /nix/store/h9fl1a96wgcsfp4qd7hqnqczi2zp8xva-source, meaning this script cannot determine its true origin!
which seems to refer to the cleanup of orphaned files added in this commit: 8d42875
Ah yes, good catch! Sorry for the inconveniences 😅
I think it would be great to be able to retain this approach by guarding the removal of orphaned files by checking first if age.rekey.generatedSecretsDir is set for any of the available nodes. I would of course be happy to attempt myself at a PR for what should probably be a relatively simple fix.
Absolutely, this logic should really only be included if age.rekey.generatedSecretsDir is actually set on a host. The fix should really just need to filter out any hosts that don't set the option. And of course I'd be happy to accept your PR if you are willing to make one!
Thank you again for your work!
❤️
Perfect. I will get to work and send the PR when it's ready!
Hello,
first of all, thank you for your work on this project, I have been happily using it for the past year in several personal deployments where managing secrets would have been a lot less convenient otherwise! Throughout my time working with the project I have collected some minor issues, which I thought I should share with you.
Recently I was restructuring a project and used that as an opportunity to regenerate some secrets. However, upon running
I was met with the following output:
After some digging, I noticed
which seems to refer to the cleanup of orphaned files added in this commit: https://github.com/oddlama/agenix-rekey/commit/8d42875722b04a56dc76e45f5ca0f2670d389f6f
Once I realized this, I noticed that I had not set age.rekey.generatedSecretsDir for any of my hosts, as I prefer to keep the generated secrets adjacent to the regular secrets, which means that I usually specify age.secrets.<secretName>.rekeyFile manually. I think it would be great to be able to retain this approach by guarding the removal of orphaned files by checking first if age.rekey.generatedSecretsDir is set for any of the available nodes. I would of course be happy to attempt myself at a PR for what should probably be a relatively simple fix.
Thank you again for your work!
Edit: I fat-fingered and submitted only part of the issue description, updated the comment with the full information.
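The guard discussed in this thread, sketched as an added Nix example that is not agenix-rekey's own code: it collects cleanup directories only from hosts that set age.rekey.generatedSecretsDir. The `nodes` set, the host names and the paths are constructed, and the sketch assumes an unset option evaluates to null.

```nix
# Evaluate with: nix-instantiate --eval --strict guard.nix
let
  # Constructed stand-in for the flake's hosts; only the option from this
  # thread is modelled. `db` leaves it unset and uses rekeyFile per secret.
  nodes = {
    web.config.age.rekey.generatedSecretsDir = "/flake/secrets/generated/web";
    db.config.age.rekey.generatedSecretsDir = null;
  };

  hostNames = builtins.attrNames nodes;
  genDir = name: nodes.${name}.config.age.rekey.generatedSecretsDir;

  # Without the guard every host contributes an entry. toString null is "",
  # so `db` hands an empty path to whatever checks the directory afterwards.
  unguarded = builtins.map (name: toString (genDir name)) hostNames;

  # With the guard, hosts that do not set the option are filtered out before
  # any directory is collected.
  hostsWithDir = builtins.filter (name: genDir name != null) hostNames;
  guarded = builtins.map genDir hostsWithDir;
in
{
  inherit unguarded guarded;
  # Orphan cleanup only makes sense when at least one host opted in.
  cleanupEnabled = guarded != [ ];
}
```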