mirror of https://github.com/ryantm/agenix.git
407 B
407 B
Rekeying
If you change the public keys in secrets.nix
, you should rekey your
secrets:
$ agenix --rekey
To rekey a secret, you have to be able to decrypt it. Because of
randomness in age
's encryption algorithms, the files always change
when rekeyed, even if the identities do not. (This eventually could be
improved upon by reading the identities from the age file.)