ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal
1.34k stars, 108 forks

agenix fails silently when passing a string instead of a path as secret #183

Open luxarf opened 1 year ago

luxarf commented 1 year ago

I noticed the following behaviour that was unexpected for me:

When defining secrets as paths, everything works as expected: { age.secrets.secret1.file = ../secrets/secret1.age; }

But when passing a string instead, agenix silently fails: { age.secrets.secret1.file = customSecretsPath + "/secret1.age"; } No warning is printed and no secret is copied to the Nix store, which results in failed deploys.

A suitable workaround is the following (which makes the string a path again): { age.secrets.secret1.file = /. + customSecretsPath + "/secret1.age"; }

Is this intended behaviour?

When passing a string as a path I would have expected agenix to either handle it automatically or warn about it instead of doing nothing. If only passing paths should be supported (which is a reasonable choice), it might be beneficial to make this explicit in the tutorial.

Context: Why am I not simply passing a path? The repo I am working with is structured in a way that it would result in definitions that would look something like this: { age.secrets.secret1.file = ../../../../../../secrets/secret1.age; }, which is kind of hard to reason about.
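The following is an added example, not code from the agenix project or from the issue author, showing how the `/. + str` workaround in the issue can be wrapped so that a string is normalised to a path and a missing or mistyped secret file fails at evaluation time rather than producing a deploy with no secret. `customSecretsPath`, the `/home/me/repo/secrets` value and the secret names `secret1`/`secret2` are assumed placeholders.

```nix
# Added example (not agenix's own code). Normalise a secrets directory given
# as either a path or an absolute string, then build age.secrets entries whose
# `file` attribute is always a path and is checked to exist.
{ config, lib, ... }:

let
  # Assumed placeholder: an absolute string, e.g. computed from a repo root.
  customSecretsPath = "/home/me/repo/secrets";

  # String -> path conversion. `/. + "/abs/string"` is the Nix idiom the
  # issue's workaround uses; a value that is already a path is left alone.
  toPath = v:
    if builtins.isPath v then v
    else if builtins.isString v && lib.hasPrefix "/" v then /. + v
    else throw "secretsDir must be a path or an absolute path string, got ${builtins.typeOf v}";

  secretsDir = toPath customSecretsPath;

  # path + string yields a path, so `file` below is a path, not a string.
  # The existence check turns a typo into an evaluation error instead of a
  # silently empty deploy.
  secretFile = name:
    let p = secretsDir + "/${name}.age";
    in if builtins.pathExists p then p
       else throw "agenix: secret file ${toString p} does not exist";
in
{
  age.secrets = lib.genAttrs [ "secret1" "secret2" ] (name: {
    file = secretFile name;
  });
}
```

Two caveats: `builtins.pathExists` and `/. + str` both touch the filesystem at evaluation time, so in a pure flake evaluation an absolute path outside the flake source will be rejected, and the resulting path is still copied into the Nix store like any other path-typed `file` value, which is the behaviour the issue relies on.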