agenix/doc/rekeying.md

14 lines
407 B
Markdown
Raw Permalink Normal View History

# Rekeying {#rekeying}
If you change the public keys in `secrets.nix`, you should rekey your
secrets:
```ShellSession
$ agenix --rekey
```
To rekey a secret, you have to be able to decrypt it. Because of
randomness in `age`'s encryption algorithms, the files always change
when rekeyed, even if the identities do not. (This eventually could be
improved upon by reading the identities from the age file.)