From 7369f32be424e8462f35aecdd1d139f368e52679 Mon Sep 17 00:00:00 2001 From: musjj <72612857+musjj@users.noreply.github.com> Date: Thu, 18 Sep 2025 17:37:17 +0700 Subject: [PATCH] clarify the differences between sshKeyPaths and sshKeyFile --- modules/home-manager/sops.nix | 10 ++++++---- modules/nix-darwin/default.nix | 11 +++++++---- modules/sops/default.nix | 10 ++++++---- 3 files changed, 19 insertions(+), 12 deletions(-) diff --git a/modules/home-manager/sops.nix b/modules/home-manager/sops.nix index d792c4c..17a6cd6 100644 --- a/modules/home-manager/sops.nix +++ b/modules/home-manager/sops.nix @@ -257,6 +257,8 @@ in example = "/home/someuser/.ssh/id_ed25519"; description = '' Path to ssh key file that will be used by age for sops decryption. + + Unlike {option}`config.sops.age.sshKeyPaths`, this option makes use of the native ssh key support in age and requires no conversion. ''; }; @@ -264,10 +266,10 @@ in type = lib.types.listOf lib.types.path; default = [ ]; description = '' - Paths to ssh keys added as age keys during sops description. The ssh - keys will be converted into age keys manually using ssh-to-age. - - This option is deprecated and will be removed in the future. Use sops.age.sshKeyFile instead. + Paths to ssh keys added as age keys during sops description. + + These ssh keys will be converted into age keys automatically using + ssh-to-age before they are fed to age. ''; }; }; diff --git a/modules/nix-darwin/default.nix b/modules/nix-darwin/default.nix index 3c975b2..88e1ffe 100644 --- a/modules/nix-darwin/default.nix +++ b/modules/nix-darwin/default.nix @@ -306,6 +306,9 @@ in example = "/etc/ssh/ssh_host_ed25519_key"; description = '' Path to ssh key file that will be used by age for sops decryption. + + Unlike {option}`config.sops.age.sshKeyPaths`, this option makes use of + the native ssh key support in age and requires no conversion. ''; }; @@ -314,10 +317,10 @@ in default = defaultImportKeys "ed25519"; defaultText = lib.literalMD "The ed25519 keys from {option}`config.services.openssh.hostKeys`"; description = '' - Paths to ssh keys added as age keys during sops description. The ssh - keys will be converted into age keys manually using ssh-to-age. - - This option is deprecated and will be removed in the future. Use sops.age.sshKeyFile instead. + Paths to ssh keys added as age keys during sops description. + + These ssh keys will be converted into age keys automatically using + ssh-to-age before they are fed to age. ''; }; }; diff --git a/modules/sops/default.nix b/modules/sops/default.nix index 67c166f..6dde8f3 100644 --- a/modules/sops/default.nix +++ b/modules/sops/default.nix @@ -345,6 +345,8 @@ in example = "/etc/ssh/ssh_host_ed25519_key"; description = '' Path to ssh key file that will be used by age for sops decryption. + + Unlike {option}`config.sops.age.sshKeyPaths`, this option makes use of the native ssh key support in age and requires no conversion. ''; }; @@ -353,10 +355,10 @@ in default = defaultImportKeys "ed25519"; defaultText = lib.literalMD "The ed25519 keys from {option}`config.services.openssh.hostKeys`"; description = '' - Paths to ssh keys added as age keys during sops description. The ssh - keys will be converted into age keys manually using ssh-to-age. - - This option is deprecated and will be removed in the future. Use sops.age.sshKeyFile instead. + Paths to ssh keys added as age keys during sops description. + + These ssh keys will be converted into age keys automatically using + ssh-to-age before they are fed to age. ''; }; };