diff --git a/flake.lock b/flake.lock
index f8f1559..b7be143 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
 {
 "nodes": {
+ "agenix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1665870395,
+ "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
+ "owner": "ryantm",
+ "repo": "agenix",
+ "rev": "a630400067c6d03c9b3e0455347dc8559db14288",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ryantm",
+ "repo": "agenix",
+ "type": "github"
+ }
+ },
 "deploy-rs": {
 "inputs": {
 "flake-compat": "flake-compat",
@@ -287,6 +307,7 @@
 },
 "root": {
 "inputs": {
+ "agenix": "agenix",
 "deploy-rs": "deploy-rs",
 "flake-utils": "flake-utils",
 "home-manager": "home-manager",
diff --git a/flake.nix b/flake.nix
index f3d176f..b7c38f0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,14 +4,9 @@
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/release-22.11";
 nixpkgs-u.url = "github:NixOS/nixpkgs/nixos-unstable";
- home-manager = {
- url = "github:nix-community/home-manager/release-22.05";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- # home-manager-u = {
- # url = "github:nix-community/home-manager";
- # inputs.nixpkgs.follows = "nixpkgs-u";
- # };
+ home-manager = { url = "github:nix-community/home-manager/release-22.05"; inputs.nixpkgs.follows = "nixpkgs"; };
+
+ agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; };
 deploy-rs = { url = "github:serokell/deploy-rs"; inputs = { nixpkgs.follows = "nixpkgs"; }; };
 flake-utils.url = "github:numtide/flake-utils";
 nixos-generators = { url = "github:nix-community/nixos-generators"; inputs = { nixpkgs.follows = "nixpkgs"; }; };
@@ -25,13 +20,13 @@
 , nixpkgs
 , nixpkgs-u
 , home-manager
+ , agenix
 , deploy-rs
 , flake-utils
 , nixos-generators
 , nixos-hardware
 , nix-rice
 , pre-commit-hooks
- , ...
 }:
 let
 config = {
@@ -116,6 +111,10 @@
 # Home manager configuration
 home-manager.nixosModules.home-manager { home-manager = { useGlobalPkgs = true; useUserPackages = true; }; }
+ agenix.nixosModule
+ {
+ # age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age;
+ }
 ./nixos_modules/bertof_user.nix
 ./nixos_modules/distributed.nix
diff --git a/nixos_modules/bertof_user.nix b/nixos_modules/bertof_user.nix
index 8dc855a..c5218a2 100644
--- a/nixos_modules/bertof_user.nix
+++ b/nixos_modules/bertof_user.nix
@@ -6,6 +6,7 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhxOjo9Ac9hVd3eOR56F6sClUMUh1m7VpcmzA18dslj bertof@odin"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mcf8fbMo1eXqSJeVFWaweB+JOU+67dFuf8laZKZZG bertof@thor"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbG791lSOl8Rqoy+KkdKiOJnOMRg02+HZ/VrlrWMYAX bertof@baldur"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPbbgBCzRsIO6giIVCgTUMgBCrexgvHmq8pis5A4ievH bertof@loki"
 ];
 };
 }
diff --git a/nixos_modules/extended_registry.nix b/nixos_modules/extended_registry.nix
index d5bf779..973e1f6 100644
--- a/nixos_modules/extended_registry.nix
+++ b/nixos_modules/extended_registry.nix
@@ -1,26 +1,16 @@
 {
 nix.registry = {
+ agenix = {
+ from = { id = "agenix"; type = "indirect"; };
+ to = { type = "github"; owner = "ryantm"; repo = "agenix"; };
+ };
 my-templates = {
- from = {
- id = "my-templates";
- type = "indirect";
- };
- to = {
- type = "github";
- owner = "bertof";
- repo = "flake-templates";
- };
+ from = { id = "my-templates"; type = "indirect"; };
+ to = { type = "github"; owner = "bertof"; repo = "flake-templates"; };
 };
 tex2nix = {
- from = {
- id = "tex2nix";
- type = "indirect";
- };
- to = {
- type = "github";
- owner = "Mic92";
- repo = "tex2nix";
- };
+ from = { id = "tex2nix"; type = "indirect"; };
+ to = { type = "github"; owner = "Mic92"; repo = "tex2nix"; };
 };
 };
 }
diff --git a/nixos_modules/installer.nix b/nixos_modules/installer.nix
index 9c87a5e..51c65c7 100644
--- a/nixos_modules/installer.nix
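Review bot: The module block added right after `agenix.nixosModule` is an empty attrset whose only content is a commented-out `age.secrets` declaration, so this hunk wires the agenix module into every host but declares nothing, and the file it points at, `./secrets/oauth_proxy_client_credentials.age`, appears nowhere else in this diff. A reader has no indication of where the recipient list lives or that the `.age` file has to exist before that line is uncommented (a missing file fails at evaluation). A comment such as `# agenix: recipients are declared in ./secrets/secrets.nix; create the .age file there before declaring a secret here` would make the scaffolding self-explanatory. The module list this hunk belongs to starts and ends outside the hunk.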
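Review bot: The new `agenix` registry entry's `to` flakeref carries no `rev` or `ref`, so `nix run agenix` (or any other lookup of the indirect `agenix` id) resolves to whatever the default branch of github:ryantm/agenix points at when it is invoked, independent of the revision that flake.lock pins for the `agenix` flake input in this same commit. The tool used to encrypt and re-key the secrets can therefore silently drift from the module version the hosts evaluate, with no lockfile review in between. Pin the alias to the locked revision, `to = { type = "github"; owner = "ryantm"; repo = "agenix"; rev = "a630400067c6d03c9b3e0455347dc8559db14288"; };`, or, if this module receives the flake inputs, point it at the locked input with `nix.registry.agenix.flake = agenix;`. The `my-templates` and `tex2nix` entries have the same unpinned shape but predate this change.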
+++ b/nixos_modules/installer.nix
@@ -7,7 +7,6 @@
 };
 users.users.root = {
 openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W bertof@odin" # OLD
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhxOjo9Ac9hVd3eOR56F6sClUMUh1m7VpcmzA18dslj bertof@odin"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mcf8fbMo1eXqSJeVFWaweB+JOU+67dFuf8laZKZZG bertof@thor"
 ];
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..42442db
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,13 @@
+# let
+# bertof_odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhxOjo9Ac9hVd3eOR56F6sClUMUh1m7VpcmzA18dslj";
+# bertof_thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mcf8fbMo1eXqSJeVFWaweB+JOU+67dFuf8laZKZZG";
+# bertof_baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbG791lSOl8Rqoy+KkdKiOJnOMRg02+HZ/VrlrWMYAX";
+# users = [ bertof_odin bertof_thor bertof_baldur ];
+
+# baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9G8I75gOfB1QJhZU9z+UaYovWq05OfK2FVKtCb8Xxh";
+# thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw";
+# systems = [ thor baldur ];
+# in
+{
+ # # "oauth_proxy_client_credentials.age".publicKeys = users ++ systems;
+}
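Review bot: Every line of the new secrets/secrets.nix is commented out, so the file evaluates to `{}` and agenix has no recipients to encrypt for; if this is intentional scaffolding, a leading comment saying so (and that the `let` block must be uncommented together with the `publicKeys` line) would keep the next reader from treating it as live configuration. Once the `users` list is enabled it also needs to track the authorized keys: the `bertof@loki` key added to nixos_modules/bertof_user.nix in this same commit is not among `bertof_odin`/`bertof_thor`/`bertof_baldur`, so loki would be able to log in but not decrypt or re-key any secret. The `baldur` and `thor` entries under `systems` differ from the user keys of the same names and look like host keys; a one-line comment naming their origin (presumably each host's SSH host key, to be confirmed) would prevent the two sets being mixed up when keys are rotated.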