feat: switch from rage to age

Why === * Someone said age works better with password protected keys, requiring entering the password less often. * We switched to rage from age in 07ce686870 because it was limiting recipients to 20. This was fixed https://github.com/FiloSottile/age/issues/139 What changed === * Switch from rage back to age (the reference implementation) in all the spots * Update the docs to show how to switch back to Rage * Skip keys that are empty files, which fixes the integration test.
2025-07-29 09:47:44 +00:00 · 2023-12-20 13:13:47 -08:00 · 2023-12-20 13:13:47 -08:00 · 5c1198a352
commit 5c1198a352
parent 9bc80dc4ce
6 changed files with 13 additions and 12 deletions
--- a/doc/notices.md
+++ b/doc/notices.md
@ -1,3 +1,3 @@
 # Notices {#notices}

-* Password-protected ssh keys: since the underlying tool age/rage do not support ssh-agent, password-protected ssh keys do not work well. For example, if you need to rekey 20 secrets you will have to enter your password 20 times.
+* Password-protected ssh keys: since age does not support ssh-agent, password-protected ssh keys do not work well. For example, if you need to rekey 20 secrets you will have to enter your password 20 times.
--- a/doc/reference.md
+++ b/doc/reference.md
@ -166,7 +166,7 @@ Example of a secret with a name different from its attrpath:
 ### `age.ageBin`

 `age.ageBin` the string of the path to the `age` binary. Usually, you
-don't need to change this. Defaults to `rage/bin/rage`.
+don't need to change this. Defaults to `age/bin/age`.

 Overriding `age.ageBin` example: