Usage with age plugins

[dghubble]

I'm able to use agenix (the CLI) with age or rage using the age-plugin-yubikey, but when using agenix as NixOS module and referencing secrets, agenix is not able to invoke the age or rage commands and have them detect the installed plugin.

When running sudo nixos-rebuild, age doesn't want to invoke the age-plugin-yubikey. Or using rage, it can't find the plugin at all.

  # Configure agenix
  age = {
    ageBin = "${pkgs.age}/bin/age";
    #ageBin = "${pkgs.rage}/bin/rage";
    identityPaths = [ ../identity.txt ];

    # Reference age secret files
    secrets = {
      bar = {
        file = ../secrets/bar.age;
      };
    };
  };

# age 1.1.1
$ sudo nixos-rebuild switch
...
[agenix] decrypting secrets...
decrypting '/nix/store/7daqifqz4avszwsm5r2kmf2lvqmw00zx-bar.age' to '/run/agenix.d/30/bar'...
age: error: yubikey plugin: couldn't start plugin: age-plugin-yubikey resolves to executable in current directory (./age-plugin-yubikey)

# rage 0.9.2
$ sudo nixos-rebuild switch
...
[agenix] decrypting secrets...
decrypting '/nix/store/7daqifqz4avszwsm5r2kmf2lvqmw00zx-bar.age' to '/run/agenix.d/31/bar'...
Error: Could not find '⁨age-plugin-yubikey⁩' on the PATH.
Have you installed the plugin?

Both age and rage are able to detect and use the plugin when I use them directly or when I use the agenix CLI. I've tried installing them with both environment.systemPackage and home-manage home-packages. I think this is something to do with the nixos-rebuild environment's view of the PATH, like it just can't see plugins in general. Is there a way to tell this module about these plugins that I'm missing?

Related: #115

[nrabulinski]

I’m pretty sure you should be able to wrap age and overwrite ageBin so that it always has the plugin in PATH. That could potentially work, at least as a workaround until there’s first party support for that in agenix