agenix/pkgs/agenix.nix
Ryan Mulligan 5c1198a352 feat: switch from rage to age
Why
===
* Someone said age works better with password protected keys,
requiring entering the password less often.
* We switched to rage from age in
07ce686870
because it was limiting recipients to 20. This was fixed
https://github.com/FiloSottile/age/issues/139

What changed
===
* Switch from rage back to age (the reference implementation) in all
the spots
* Update the docs to show how to switch back to Rage
* Skip keys that are empty files, which fixes the integration test.
2023-12-23 14:09:16 -08:00

37 lines
682 B
Nix

{
lib,
stdenv,
age,
jq,
nix,
mktemp,
diffutils,
substituteAll,
ageBin ? "${age}/bin/age",
shellcheck,
}:
stdenv.mkDerivation rec {
pname = "agenix";
version = "0.15.0";
src = substituteAll {
inherit ageBin version;
jqBin = "${jq}/bin/jq";
nixInstantiate = "${nix}/bin/nix-instantiate";
mktempBin = "${mktemp}/bin/mktemp";
diffBin = "${diffutils}/bin/diff";
src = ./agenix.sh;
};
dontUnpack = true;
doCheck = true;
checkInputs = [shellcheck];
postCheck = ''
shellcheck $src
'';
installPhase = ''
install -D $src ${placeholder "out"}/bin/agenix
'';
meta.description = "age-encrypted secrets for NixOS";
}