diff --git a/lib/default.nix b/lib/default.nix
index 9e9b004..b935a24 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -31,15 +31,16 @@ rec {
 resultPath = newPath;
 };

+ genReplacement = secret:
+ let
+ t = { transform ? null, ... }: if isNull transform then x: x else transform;
+ in
+ lib.attrsets.nameValuePair (secretName secret.name) ((t secret) "$(cat ${toString secret.source})");
+
 replaceSecretsScript = { file, resultPath, replacements, user ? null, permissions ? "u=r,g=r,o=" }:
 let
 templatePath = resultPath + ".template";

- t = { transform ? null, ... }: if isNull transform then x: x else transform;
-
- genReplacement = secret:
- lib.attrsets.nameValuePair (secretName secret.name) ((t secret) "$(cat ${toString secret.source})");
-
 # We check that the files containing the secrets have the
 # correct permissions for us to read them in this separate
 # step. Otherwise, the $(cat ...) commands inside the sed
diff --git a/test/modules/lib.nix b/test/modules/lib.nix
index 0a8227e..11ce397 100644
--- a/test/modules/lib.nix
+++ b/test/modules/lib.nix
@@ -1,6 +1,8 @@
 { pkgs, lib, ... }:
 let
 shblib = pkgs.callPackage ../../lib {};
+
+ inherit (lib) nameValuePair;
 in
 {
 # Tests that withReplacements can:
@@ -79,15 +81,15 @@ in
 testLibGetReplacements = {
 expected =
 let
- secrets = root: {
- "%SECRET_${root}B%" = "$(cat /path/B)";
- "%SECRET_${root}C%" = "prefix-$(cat /path/C)-suffix";
- };
+ secrets = root: [
+ (nameValuePair "%SECRET_${root}B%" "$(cat /path/B)")
+ (nameValuePair "%SECRET_${root}C%" "prefix-$(cat /path/C)-suffix")
+ ];
 in
- (secrets "") //
- (secrets "NESTEDATTR_") //
- (secrets "NESTEDLIST_0_") //
- (secrets "DOUBLENESTEDLIST_0_N_");
+ (secrets "") ++
+ (secrets "DOUBLENESTEDLIST_0_N_") ++
+ (secrets "NESTEDATTR_") ++
+ (secrets "NESTEDLIST_0_");
 expr =
 let
 item = {
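Review bot: In the lib/default.nix hunk, the new top-level `genReplacement` interpolates `toString secret.source` into `$(cat …)` without shell escaping, and it has no comment telling callers that the value is a shell fragment expanded when the script runs, not the secret itself. While it lived in the `let` of `replaceSecretsScript` that was an internal detail; as an attribute of the `rec` set it can be called with any `source`, so a path holding spaces or shell metacharacters would break the substitution or be interpreted by the shell. Consider `"$(cat ${lib.escapeShellArg (toString secret.source)})"`, after confirming how `replaceSecretsScript` embeds the value and whether the nixpkgs version in use leaves plain paths unquoted (otherwise the strings expected in test/modules/lib.nix change). A comment such as `# Value is a shell command substitution evaluated at script run time; the secret file is not read during evaluation.` above the definition would document the contract. The `rec` set starts and ends outside this hunk.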
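Review bot: In the `testLibGetReplacements` hunk the expected value is now an order-sensitive list, and nothing explains why the four `secrets` groups must appear as root, `DOUBLENESTEDLIST_0_N_`, `NESTEDATTR_`, `NESTEDLIST_0_`. The order appears to mirror how `getReplacements` walks the input attribute set, which is not visible here; a comment above the concatenation such as `# Order must match the traversal order of getReplacements.` would tell the next reader why a harmless-looking reordering fails the test. The sample paths (`/path/B`, `/path/C`) contain no spaces or shell metacharacters, so the quoting behaviour of `genReplacement` is not pinned by this test. The `testLibGetReplacements` attribute continues outside this hunk.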
@@ -99,13 +101,13 @@ in
 c.other = "other";
 };
 in
- shblib.getReplacements (
+ map shblib.genReplacement (shblib.getReplacements (
 item // {
 nestedAttr = item;
 nestedList = [ item ];
 doubleNestedList = [ { n = item; } ];
 }
- );
+ ));
 };

 testParseXML = {