diff --git a/pkgs/agenix.nix b/pkgs/agenix.nix
index 3978cfa..e399dd0 100644
--- a/pkgs/agenix.nix
+++ b/pkgs/agenix.nix
@@ -2,7 +2,7 @@
   lib,
   stdenv,
   rage,
-  gnused,
+  jq,
   nix,
   mktemp,
   diffutils,
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
   version = "0.14.0";
   src = substituteAll {
     inherit ageBin version;
-    sedBin = "${gnused}/bin/sed";
+    jqBin = "${jq}/bin/jq";
     nixInstantiate = "${nix}/bin/nix-instantiate";
     mktempBin = "${mktemp}/bin/mktemp";
     diffBin = "${diffutils}/bin/diff";
diff --git a/pkgs/agenix.sh b/pkgs/agenix.sh
index c83abeb..5980fe6 100644
--- a/pkgs/agenix.sh
+++ b/pkgs/agenix.sh
@@ -115,7 +115,7 @@ function cleanup {
 trap "cleanup" 0 2 3 15
 
 function keys {
-    (@nixInstantiate@ --eval -E "(let rules = import $RULES; in builtins.concatStringsSep \"\n\" rules.\"$1\".publicKeys)" | @sedBin@ 's/"//g' | @sedBin@ 's/\\n/\n/g') | @sedBin@ '/^$/d' || exit 1
+    (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in rules.\"$FILE\".publicKeys)" | @jqBin@ -r .[]) || exit 1
 }
 
 function decrypt {
@@ -185,7 +185,7 @@ function edit {
 }
 
 function rekey {
-    FILES=$( (@nixInstantiate@ --eval -E "(let rules = import $RULES; in builtins.concatStringsSep \"\n\" (builtins.attrNames rules))"  | @sedBin@ 's/"//g' | @sedBin@ 's/\\n/\n/g') || exit 1)
+    FILES=$( (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in builtins.attrNames rules)"  | @jqBin@ -r .[]) || exit 1)
 
     for FILE in $FILES
     do