clarify the differences between sshKeyPaths and sshKeyFile

2025-12-26 14:14:58 +08:00 · 2025-09-18 17:37:17 +07:00 · 2025-09-18 17:37:17 +07:00 · 7369f32be4
commit 7369f32be4
parent e148dc2c68
3 changed files with 19 additions and 12 deletions
--- a/modules/home-manager/sops.nix
+++ b/modules/home-manager/sops.nix
@ -257,6 +257,8 @@ in
        example = "/home/someuser/.ssh/id_ed25519";
        description = ''
          Path to ssh key file that will be used by age for sops decryption.
+          
+          Unlike {option}`config.sops.age.sshKeyPaths`, this option makes use of the native ssh key support in age and requires no conversion.
        '';
      };

@ -264,10 +266,10 @@ in
        type = lib.types.listOf lib.types.path;
        default = [ ];
        description = ''
-          Paths to ssh keys added as age keys during sops description. The ssh
-          keys will be converted into age keys manually using ssh-to-age.
-
-          This option is deprecated and will be removed in the future. Use sops.age.sshKeyFile instead.
+          Paths to ssh keys added as age keys during sops description.
+          
+          These ssh keys will be converted into age keys automatically using
+          ssh-to-age before they are fed to age.
        '';
      };
    };
--- a/modules/nix-darwin/default.nix
+++ b/modules/nix-darwin/default.nix
@ -306,6 +306,9 @@ in
        example = "/etc/ssh/ssh_host_ed25519_key";
        description = ''
          Path to ssh key file that will be used by age for sops decryption.
+          
+          Unlike {option}`config.sops.age.sshKeyPaths`, this option makes use of
+          the native ssh key support in age and requires no conversion.
        '';
      };

@ -314,10 +317,10 @@ in
        default = defaultImportKeys "ed25519";
        defaultText = lib.literalMD "The ed25519 keys from {option}`config.services.openssh.hostKeys`";
        description = ''
-          Paths to ssh keys added as age keys during sops description. The ssh
-          keys will be converted into age keys manually using ssh-to-age.
-
-          This option is deprecated and will be removed in the future. Use sops.age.sshKeyFile instead.
+          Paths to ssh keys added as age keys during sops description.
+          
+          These ssh keys will be converted into age keys automatically using
+          ssh-to-age before they are fed to age.
        '';
      };
    };
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@ -345,6 +345,8 @@ in
        example = "/etc/ssh/ssh_host_ed25519_key";
        description = ''
          Path to ssh key file that will be used by age for sops decryption.
+          
+          Unlike {option}`config.sops.age.sshKeyPaths`, this option makes use of the native ssh key support in age and requires no conversion.
        '';
      };

@ -353,10 +355,10 @@ in
        default = defaultImportKeys "ed25519";
        defaultText = lib.literalMD "The ed25519 keys from {option}`config.services.openssh.hostKeys`";
        description = ''
-          Paths to ssh keys added as age keys during sops description. The ssh
-          keys will be converted into age keys manually using ssh-to-age.
-
-          This option is deprecated and will be removed in the future. Use sops.age.sshKeyFile instead.
+          Paths to ssh keys added as age keys during sops description.
+          
+          These ssh keys will be converted into age keys automatically using
+          ssh-to-age before they are fed to age.
        '';
      };
    };