diff --git a/flake.lock b/flake.lock index 2c7a0ce..46cf359 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "owner": "ryantm", + "repo": "agenix", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -67,6 +88,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -196,6 +239,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -247,6 +311,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1752950548, "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", @@ -262,7 +342,7 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { "lastModified": 1752997324, "narHash": "sha256-vtTM4oDke3SeDj+1ey6DjmzXdq8ZZSCLWSaApADDvIE=", @@ -309,8 +389,8 @@ "flake-parts": "flake-parts", "flake-utils": "flake-utils", "mnw": "mnw", - "nixpkgs": "nixpkgs_2", - "systems": "systems" + "nixpkgs": "nixpkgs_3", + "systems": "systems_2" }, "locked": { "lastModified": 1753181140, @@ -328,9 +408,10 @@ }, "root": { "inputs": { - "home-manager": "home-manager", + "agenix": "agenix", + "home-manager": "home-manager_2", "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nvf": "nvf", "stylix": "stylix" } @@ -348,7 +429,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems_2", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -399,6 +480,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 251b038..38b9fc9 100644 --- a/flake.nix +++ b/flake.nix 
@@ -8,6 +8,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + agenix.url = "github:ryantm/agenix"; + nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest"; stylix = { @@ -22,8 +24,7 @@ { self, nixpkgs, - nix-flatpak, - nvf, + agenix, ... }@inputs: let @@ -31,14 +32,15 @@ overlays = builtins.attrValues (import ./overlays); sharedModules = [ - nix-flatpak.nixosModules.nix-flatpak + inputs.nix-flatpak.nixosModules.nix-flatpak inputs.stylix.nixosModules.stylix - nvf.nixosModules.default + inputs.nvf.nixosModules.default + inputs.agenix.nixosModules.default ]; mkHost = hostConfig: nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs system overlays; }; + specialArgs = { inherit inputs system overlays agenix; }; modules = [ hostConfig ] ++ sharedModules; }; in diff --git a/modules/nix/base-cli/pkgs.nix b/modules/nix/base-cli/pkgs.nix index b0ba70e..322c878 100644 --- a/modules/nix/base-cli/pkgs.nix +++ b/modules/nix/base-cli/pkgs.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + agenix, ... }: let @@ -30,6 +31,7 @@ in usbutils git unzip + agenix.packages.${system}.default ]; }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..a74ff65 --- /dev/null +++ b/secrets/secrets.nix 
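Review bot: The new input `agenix.url = "github:ryantm/agenix";` in flake.nix is declared without any `follows`, unlike the input just above it, which sets `inputs.nixpkgs.follows = "nixpkgs"`. The lockfile in this commit accordingly gains separate `nixpkgs` (`nixos-25.05`), `darwin`, `home-manager` and `systems` nodes under agenix. So the tool that handles secrets is built from a different nixpkgs pin than the rest of the system, and there are more third-party sources to audit on every lock update. Consider adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` and, if no host is a Darwin machine, `agenix.inputs.darwin.follows = "";`. The inputs block starts and ends outside the hunk.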
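Review bot: `agenix.packages.${system}.default` in modules/nix/base-cli/pkgs.nix refers to `system`, but the argument set in the first hunk gains only `agenix`, not `system`. Unless `system` is bound in the `let` block or by a `with pkgs;` outside the hunk, evaluation will fail on an undefined variable. `system` is already in `specialArgs`, so either add it to the module arguments or write `agenix.packages.${pkgs.stdenv.hostPlatform.system}.default`. Separately, `inputs` is already passed through `specialArgs`, so the extra `agenix` entry added in flake.nix is redundant if modules use `inputs.agenix` instead. The module body starts and ends outside the hunk.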
@@ -0,0 +1,41 @@
+let
+ nix-config-dev = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPRiK+vZw/G4d0fzkHzPSx+UJdiDdMyxW+ygCPLRxz2";
+
+ smayzy_desktop1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKebxL3JGy2UgPX4NjDvHjRz1ri6yyReAOURET+ULKz5";
+ smayzy_laptop1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB1AK9eYCMHAz1HE0/UmFeAmFNn6EJsVwiKsvzeHipuI";
+ smayzy_server1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rBzdu8mwX26ZH7+bxHQsYqLZ/uCcBRP05OJlhzfZF";
+ users = [ smayzy_desktop1 smayzy_laptop1 smayzy_server1 ];
+
+ desktop1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM627oXXyR+0SlVNcRhyw2/8c3X4y+cl3XSU/BUumxzi";
+ laptop1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6tnupPyqe4Ihc3D4S8ZSPCX4k1M/AEQ0gmy61O4CTb";
+ server1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnu2elHgXTUPOTPjjyARNswMvxnrCkjdbUjD3thFo3l";
+ desktops = [ desktop1 ];
+ laptops = [ laptop1 ];
+ servers = [ server1 ];
+ systems = desktops ++ laptops ++ servers;
+
+ mkKey = key:{
+ publicKeys =
+ if builtins.isList key
+ then key ++ [ nix-config-dev ]
+ else [ key nix-config-dev ];
+ armor = true;
+ };
+in
+{
+ "smayzy_desktop1.age" = mkKey smayzy_desktop1;
+ "smayzy_laptop1.age" = mkKey smayzy_laptop1;
+ "smayzy_server1.age" = mkKey smayzy_server1;
+
+ "users.age" = mkKey users;
+
+ "desktop1.age" = mkKey desktop1;
+ "laptop1.age" = mkKey laptop1;
+ "server1.age" = mkKey server1;
+
+ "desktops.age" = mkKey desktops;
+ "laptops.age" = mkKey laptops;
+ "servers.age" = mkKey servers;
+
+ "systems.age" = mkKey systems;
+}
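Review bot: `mkKey` appends `nix-config-dev` to the recipient list of every entry, so the holder of that one private key can decrypt all eleven files regardless of the per-user and per-host grouping, and nothing in the file says so. A comment above `mkKey` should record that this is deliberate and where the key is kept, for example `# nix-config-dev is the edit/rekey identity and a recipient of every secret; keep its private key off the managed hosts`. Separately, `smayzy_*.age` and `users.age` list only user keys besides `nix-config-dev`. agenix decrypts at activation with the identities in `age.identityPaths`, which default to the host's SSH host keys, so unless that option is set elsewhere those files will not decrypt on any host. If they are meant to be deployed, add the target host key to their recipients rather than copying a user or dev private key onto the machine.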