--- a/modules/nixos/secrets.nix
+++ b/modules/nixos/secrets.nix
@@ -7,7 +7,7 @@
 }: let
   inherit (builtins) hashString;
   inherit (lib.stringsWithDeps) stringAfter;
-  inherit (lib.options) mkOption;
+  inherit (lib.options) mkOption literalExpression;
   inherit (lib.lists) optional;
   inherit (lib.attrsets) mapAttrs;
   inherit (lib.modules) mkIf;
@@ -78,6 +78,7 @@
         type = str;
         description = "Group of the secret";
         default = sysConfig.users.users.${config.owner}.group;
+        defaultText = literalExpression "config.users.users.$${owner}.group";
       };
     };
   });
--- a/modules/nixpkgs.nix
+++ b/modules/nixpkgs.nix
@@ -4,7 +4,7 @@
   config,
   ...
 }: let
-  inherit (lib.options) mkOption;
+  inherit (lib.options) mkOption literalExpression;
   inherit (lib.types) path;
   inherit (lib.modules) mkRemovedOptionModule;
   inherit (fleetLib.options) mkHostsOption;
@@ -39,6 +39,7 @@
         '';
         type = path;
         default = config.nixpkgs.buildUsing;
+        defaultText = literalExpression "config.nixpkgs.buildUsing";
       };
       # imports = [
       # 	(mkRemovedOptionModule ["nixpkgs" "overlays"] "this option needs to be specified at nixosModules level")
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -3,7 +3,7 @@
   config,
   ...
 }: let
-  inherit (lib.options) mkOption;
+  inherit (lib.options) mkOption literalExpression;
   inherit (lib.types) unspecified nullOr listOf str bool attrsOf submodule;
   inherit (lib.strings) concatStringsSep;
   inherit (lib.attrsets) mapAttrs;
@@ -30,6 +30,7 @@
       };
       regenerateOnOwnerRemoved = mkOption {
         default = config.regenerateOnOwnerAdded;
+        defaultText = literalExpression "regenerateOnOwnerAdded";
         type = bool;
         description = ''
           Should this secret be removed on owner removal, or it may be just reencrypted