From 8af97149b28adaf28699af923c35633310d52edf Mon Sep 17 00:00:00 2001 From: Ryan Mulligan Date: Fri, 18 Dec 2020 15:40:34 -0800 Subject: [PATCH] Add notice about password-protected ssh keys --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 64f0d87..1a5421c 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ All files in the Nix store are readable by any system user, so it is not a suita ## Notices +* Password-protected ssh keys: since the underlying tool age/rage do not support ssh-agent, password-protected ssh keys do not work well. For example, if you need to rekey 20 secrets you will have to enter your password 20 times. * If you want to manage user's hashed passwords, you must use a version of NixOS with [commit e6b8587](https://github.com/NixOS/nixpkgs/commit/e6b8587b25a19528695c5c270e6ff1c209705c31), so the root-owned secrets can be decrypted before the user activation script runs. Currently only available on `unstable`. ## Installation
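Review bot: The added bullet under "## Notices" says password-protected keys "do not work well", which is vague until the reader reaches the example; state the behavior directly, for instance that because age/rage do not support ssh-agent, the key must be unlocked once per secret, so rekeying 20 secrets means 20 prompts. Two wording points in the same line: "the underlying tool age/rage do not support" should be "the underlying tools age/rage do not support", and "enter your password" would read better as "enter your key's passphrase", since the very next bullet is about users' hashed passwords and the two are easy to conflate. If the intent is to steer users toward a particular setup, such as a dedicated key for this purpose, the notice should say so explicitly rather than leaving the reader to infer what to do about it.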