diff --git a/aspects/hosts/_trantor/pocket-id.nix b/aspects/hosts/_trantor/pocket-id.nix
new file mode 100644
index 0000000..6aee8a2
--- /dev/null
+++ b/aspects/hosts/_trantor/pocket-id.nix
@@ -0,0 +1,17 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+{
+  services.pocket-id = {
+    enable = true;
+    environmentFile = "/etc/nixos/secrets/pocket-id.key";
+    settings = {
+      APP_URL = "https://auth.baduhai.dev";
+      TRUST_PROXY = true;
+      ANALYTICS_DISABLED = true;
+    };
+  };
+}
diff --git a/data/services.nix b/data/services.nix
index fc749ba..e0ee203 100644
--- a/data/services.nix
+++ b/data/services.nix
@@ -23,6 +23,12 @@
       host = "trantor";
       public = true;
     }
+    {
+      name = "pocket-id";
+      domain = "auth.baduhai.dev";
+      host = "trantor";
+      public = true;
+    }
     {
       name = "nextcloud";
       domain = "cloud.baduhai.dev";
diff --git a/secrets/pocket-id.key b/secrets/pocket-id.key
new file mode 100644
index 0000000..bb10b9f
--- /dev/null
+++ b/secrets/pocket-id.key
@@ -0,0 +1 @@
+/Vg7Fgr1Gy+Jx84+5BwE+I+njloA6DDnCX2K3yVKB9Y=
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index d052896..6fb2bfc 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -32,6 +32,11 @@ in
     rotterdam-user
     trantor
   ];
+  "pocket-id.key.age".publicKeys = [
+    io-user
+    rotterdam-user
+    trantor
+  ];
   "miniflux-admincreds.age".publicKeys = [
     io-user
     rotterdam-user