Issue with secret reference
Hi @brizzbuzz, I wanted to try opnix in my flake. I set up everything "correctly":
- opnix token via the CLI: `sudo opnix token set` (service account) - I changed the permissions and the owner accordingly (my local user with 640)
- I am using it in home-manager with a simple secret:

  ```nix
  opnix = {
    enable = true;
    secrets = [
      {
        path = ".ssh/github.pub";
        reference = "op://Development/Github Authorisation/public key";
      }
    ];
  };
  ```
- Install opnix in my flake, set it up in home-manager modules and run my flake
I receive the following error:
```
Activating writeOpnixConfig
Activating retrieveOpnixSecrets
2025/05/30 23:19:52 Failed to run secret: error processing secrets: error resolving secret reference: the specified field cannot be found within the item
```
Now, I tried to use my 1Password CLI, with the following command: `OP_SERVICE_ACCOUNT_TOKEN=<MY_SERVICE_ACCOUNT_TOKEN> op read "op://Development/Github Authorisation/public key"` and it worked.
I am not able to get more details on why the flake is failing. Is there any flag to debug further? Otherwise, any idea why it failed? I also tried with references without spaces, but still the same issue.
I would appreciate any help.
hmmm super odd, at a first glance, all this looks fine. I'll try to find some time to debug this but candidly... might take me a while to get around to it. ofc feel free to pull the code and play around with it, see what might be up.
out of curiosity... does this only happen with home manager?
Unfortunately I don't use NixOS, but nix-darwin. Therefore, I can only test with home-manager (maybe a dummy question, but it should work with home-manager even in a Mac environment, am I right?)
However, I have exactly the same issue running opnix from the command line with a command like: `opnix secret -config ~/secrets/secrets.json`
The secrets.json is really simple:
```json
{
  "secrets": [
    {
      "path": ".ssh/github.pub",
      "reference": "op://Development/Github Authorisation/public key"
    }
  ]
}
```
Sorry for spamming again. But I think I found the issue and it is not in opnix. The Go SDK of 1Password only supports some field types. However, I think that the version used in opnix is an old one (latest is 3.0). I have created a PR to update it, can you check it? @brizzbuzz
no worries, it's never spam when you fix the problem 😄 thanks so much for investigating the issue. You were able to confirm that this fixes the issue?
IIRC other people were having issues with nix-darwin directly (see #10) but candidly, I'm not sure how that works in conjunction with home-manager. It may be that trying to do it in the nix-darwin module does not work, while using home-manager within nix-darwin does work.
I use nix-darwin a bit, but just for simple stuff, so haven't played around too much with the details of how things work there.
So as long as this has fixed it for you, let's ship it!
Yes, to reply to your question. I think it works fine independently of the machine (Linux/Mac) if used with home-manager. However, if used as a module for nix-darwin (I am not doing that), it probably won't work. I replied in the PR. I tested locally and it is working fine, however I have some doubt about the Go version file to update. Can you check that I did not forget anything?
@brizzbuzz I think I introduced an issue. When I run my flake with your new flake, I get this error: Not sure why I did not catch it locally. Anyway, I think it is due to the package.nix that I forgot to update. Here is the PR: #15