diff --git a/home/agenix.nix b/home/agenix.nix
new file mode 100644
index 0000000..645744c
--- /dev/null
+++ b/home/agenix.nix
@@ -0,0 +1,31 @@
+{ config, ... }:
+{
+ # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
+ age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
+
+ age.secrets.access-tokens-github.file = ../secrets/gh.age;
+ age.secrets.obvps-id = {
+ file = ../secrets/1bvps.age;
+ path = "/home/rhea/.ssh/id_1bvps";
+ owner = "rhea";
+ symlink = false;
+ };
+
+ age.secrets.gcd_etwas = {
+ file = ../secrets/gcd_etwas.age;
+ path = "/home/rhea/.ssh/id_gcd_etwas";
+ owner = "rhea";
+ symlink = false;
+ };
+
+ age.secrets.etwas_sign_key = {
+ file = ../secrets/sign_etwas.age;
+ path = "/home/rhea/.ssh/etwas_sign_key";
+ owner = "rhea";
+ symlink = false;
+ };
+
+ nix.extraOptions = ''
+ !include ${config.age.secrets.access-tokens-github.path}
+ '';
+}
diff --git a/home/default.nix b/home/default.nix
index aa598ca..f4e61f1 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -4,29 +4,9 @@
 inputs.home-manager.nixosModules.home-manager
 inputs.catppuccin.nixosModules.catppuccin
 inputs.spicetify-nix.nixosModules.default
+ ./agenix.nix
 ];
- # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
- age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
-
- age.secrets.access-tokens-github.file = ../secrets/gh.age;
- age.secrets.obvps-id = {
- file = ../secrets/1bvps.age;
- path = "/home/rhea/.ssh/id_1bvps";
- owner = "rhea";
- symlink = false;
- };
- age.secrets.gcd_etwas = {
- file = ../secrets/1bvps.age;
- path = "/home/rhea/.ssh/id_gcd_etwas";
- owner = "rhea";
- symlink = false;
- };
-
- nix.extraOptions = ''
- !include ${config.age.secrets.access-tokens-github.path}
- '';
-
 home-manager = {
 useUserPackages = true;
 useGlobalPkgs = true;
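Review bot: The three SSH key secrets in the new `home/agenix.nix` (`obvps-id`, `gcd_etwas`, `etwas_sign_key`) set `symlink = false`, so agenix decrypts each private key to a regular file at its `path` under `/home/rhea/.ssh` instead of linking into its runtime secrets directory. If `/home` is on persistent storage, which is not visible from this diff, the plaintext keys stay on disk across reboots and are picked up by any backup or snapshot of that directory. If nothing needs a regular file there, dropping `symlink = false;` keeps the plaintext in the runtime directory only. If the copy is required, I would say so and state the permissions rather than rely on the default, e.g. `mode = "0400"; # copied, not symlinked: plaintext key persists in ~/.ssh`.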