diff --git a/lib/tests/modules/pathWith.nix b/lib/tests/modules/pathWith.nix
index 273bc06dfc00..98ba39cb2c4b 100644
--- a/lib/tests/modules/pathWith.nix
+++ b/lib/tests/modules/pathWith.nix
@@ -58,6 +58,9 @@ in
   pathInStore.ok1 = "${storeDir}/0lz9p8xhf89kb1c1kk6jxrzskaiygnlh-bash-5.2-p15.drv";
   pathInStore.ok2 = "${storeDir}/0fb3ykw9r5hpayd05sr0cizwadzq1d8q-bash-5.2-p15";
   pathInStore.ok3 = "${storeDir}/0fb3ykw9r5hpayd05sr0cizwadzq1d8q-bash-5.2-p15/bin/bash";
+  pathInStore.ok4 = "/1121rp0gvr1qya7hvy925g5kjwg66acz6sn1ra1hca09f1z5dsab"; # CA derivation
+  pathInStore.ok5 = "/1121rp0gvr1qya7hvy925g5kjwg66acz6sn1ra1hca09f1z5dsab/bin/bash"; # CA derivation
+  pathInStore.ok6 = /1121rp0gvr1qya7hvy925g5kjwg66acz6sn1ra1hca09f1z5dsab; # CA derivation, path type
   pathInStore.bad1 = "";
   pathInStore.bad2 = "${storeDir}";
   pathInStore.bad3 = "${storeDir}/";
diff --git a/lib/types.nix b/lib/types.nix
index 11b1b5463bc7..286e5bf76aff 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -669,7 +669,14 @@ let
             check =
               x:
               let
-                isInStore = builtins.match "${builtins.storeDir}/[^.].*" (toString x) != null;
+                isInStore = lib.path.hasStorePathPrefix (
+                  if builtins.isPath x then
+                    x
+                  # Discarding string context is necessary to convert the value to
+                  # a path and safe as the result is never used in any derivation.
+                  else
+                    /. + builtins.unsafeDiscardStringContext x
+                );
                 isAbsolute = builtins.substring 0 1 (toString x) == "/";
                 isExpectedType = (
                   if inStore == null || inStore then isStringLike x else isString x # Do not allow a true path, which could be copied to the store later on.