Merge pull request #36 from Arbel-arad/main

added ".hmac" to the good suffix list
oddlama · Jul 30, 2024 · 4107b53 · 4107b53
2 parents 3f1c787 + c03c142
commit 4107b53
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/modules/agenix-rekey.nix b/modules/agenix-rekey.nix
@@ -190,7 +190,7 @@ in {
         ]));
 
     warnings = let
-      hasGoodSuffix = x: (hasPrefix builtins.storeDir x) -> (hasSuffix ".age" x || hasSuffix ".pub" x);
+      hasGoodSuffix = x: (hasPrefix builtins.storeDir x) -> (hasSuffix ".age" x || hasSuffix ".pub" x || hasSuffix ".hmac" x);
     in
       optional (!all hasGoodSuffix masterIdentityPaths) ''
         At least one of your rekey.masterIdentities references an unencrypted age identity in your nix store!
@@ -200,7 +200,7 @@ in {
         Please make sure they don't contain any secret information or delete them now.
 
         To silence this warning, you may:
-          - Use a split-identity ending in `.pub`, where the private part is not contained (a yubikey identity)
+          - Use a split-identity ending in `.pub` or `.hmac`, where the private part is not contained (a yubikey identity)
           - Use an absolute path to your key outside of the nix store ("/home/myuser/age-master-key")
           - Or encrypt your age identity and use the extension `.age`. You can encrypt an age identity
             using `rage -p -o privkey.age privkey` which protects it in your store.