diff --git a/aspects/hosts/_trantor/pocket-id.nix b/aspects/hosts/_trantor/pocket-id.nix
index 6aee8a2..fc01f5a 100644
--- a/aspects/hosts/_trantor/pocket-id.nix
+++ b/aspects/hosts/_trantor/pocket-id.nix
@@ -1,17 +1,22 @@
 {
   config,
   lib,
+  inputs,
   ...
 }:
 
 {
   services.pocket-id = {
     enable = true;
-    environmentFile = "/etc/nixos/secrets/pocket-id.key";
+    environmentFile = config.age.secrets.pocket-id-key.path;
     settings = {
       APP_URL = "https://auth.baduhai.dev";
       TRUST_PROXY = true;
       ANALYTICS_DISABLED = true;
     };
   };
+
+  age.secrets.pocket-id-key = {
+    file = "${inputs.self}/secrets/pocket-id.key.age";
+  };
 }
diff --git a/secrets/pocket-id.key b/secrets/pocket-id.key
deleted file mode 100644
index bb10b9f..0000000
--- a/secrets/pocket-id.key
+++ /dev/null
@@ -1 +0,0 @@
-/Vg7Fgr1Gy+Jx84+5BwE+I+njloA6DDnCX2K3yVKB9Y=
diff --git a/secrets/pocket-id.key.age b/secrets/pocket-id.key.age
new file mode 100644
index 0000000..5d7fabe
Binary files /dev/null and b/secrets/pocket-id.key.age differ