Can confirm this works.

Did
nix run github:ck3d/agenix/fix-272#agenix -- -v

since I was also running into this bug

Also ran into this issue after upgrading to nixos 24.11. nix run github:ck3d/agenix/fix-272#agenix -- -r worked for me.

Can someone please review this? @n8henrie is see you reviewed last merged PR. Would appreciate some feedback at least.

The output is different for each edit call.

@n8henrie the way I'd review this:

1. It is a bug that the edit function changes DEFAULT_DECRYPT, it's meant to be used as a template by the decrypt function and really shouldn't be modified after being initialized.
2. edit is called repeatedly by rekey, which is what manifested the bug

That's why it doesn't make sense to check for an existing -o

@ck3d can you rebase this PR?

Thanks for elaborating.

I agree, looking at the whole context a bit more, it seems like the age tool is not really designed to work on more than one file at a time, so looping while modifying global variables is a setup for trouble.

I am super tempted to just refactor the script to a use local variables, readonly globals, and a more functional style.

This should also get a regression test (please), ideally in a separate commit that currently fails.

Thanks to all for input!

PR rebased and ready to merge

I know how important tests are, but I can not spend time on writing a regression test.

I will try writing a test this weekend.

I think we determined between #330 and #272 that this is only an issue if one has decided to pin to an outdated version of agenix or is using an alternate implementation like rage, so I think this can be closed. Will leave open for a little while longer to see if anyone on the thread is experiencing issues here on main without rage; if so, a regression test would be appreciated.

Feel free to reopen if we add a regression test.