diff --git a/flake.nix b/flake.nix index 9ea59bf..34a333e 100644 --- a/flake.nix +++ b/flake.nix @@ -30,7 +30,8 @@ nixosConfigurations.rhea-laptop = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; - inherit spicetify-nix; + inherit spicetify-nix; + inherit agenix; }; system = "x86_64-linux"; diff --git a/home/default.nix b/home/default.nix index 8c838c3..0b42cce 100644 --- a/home/default.nix +++ b/home/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, inputs, spicetify-nix, ... }: +{ config, pkgs, inputs, spicetify-nix, agenix, ... }: { imports = [ inputs.home-manager.nixosModules.home-manager @@ -12,6 +12,7 @@ extraSpecialArgs = { inherit spicetify-nix; + inherit agenix; }; users.rhea = { @@ -63,5 +64,14 @@ shell = pkgs.zsh; }; + # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey + age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ]; + + age.secrets.access-tokens-github.file = ../secrets/gh.age; + + nix.extraOptions = '' + !include ${config.age.secrets.access-tokens-github.path} + ''; + nix.settings.allowed-users = [ "rhea" ]; } diff --git a/home/packages.nix b/home/packages.nix index a6586a8..cd7357b 100644 --- a/home/packages.nix +++ b/home/packages.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, agenix, ... }: { home.packages = with pkgs; [ # Desktop Applications @@ -26,6 +26,7 @@ nix-output-monitor nil nh + agenix.packages.${system}.default # Dev Things vscode diff --git a/secrets/gh.age b/secrets/gh.age new file mode 100644 index 0000000..544340e --- /dev/null +++ b/secrets/gh.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 7JS6dg I9bdNrtj0UzjlrVWOjgVomgWprX+KAaL4uITS9j163I +8vEaIAqFwmUKXbBskafWr15tqYIfmWjKn9g61F4y6F8 +--- ToUNScc7K59kI8y+SR5e3RxTu16uGSsvd65tqomiOVc +VoXZζG}ZmӠ,*۳}u8 \^I /T"u s\CG hm>$]$H"<.tbOֱ!jу"@o=ث_o]z9~qO \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..a3991a1 --- /dev/null +++ b/secrets/secrets.nix 
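Review bot: In the last home/default.nix hunk, `nix.extraOptions` includes `config.age.secrets.access-tokens-github.path`, but the secret is declared with only `.file`, so it keeps agenix's default ownership (root, mode 0400). Nix commands run as `rhea` read nix.conf themselves and most likely cannot open the file, and `!include` skips a file it cannot load without reporting an error, so the token would be silently absent. Grant access to the one account that needs it rather than loosening the mode, e.g. `age.secrets.access-tokens-github = { file = ../secrets/gh.age; owner = "rhea"; mode = "0400"; };`. None of the visible hunks add `agenix.nixosModules.default` to an imports list, so confirm it is imported elsewhere, otherwise the `age.*` options will not evaluate. The enclosing module body starts and ends outside this hunk.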
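Review bot: In the home/packages.nix hunk, `system` in `agenix.packages.${system}.default` is not one of the module arguments (`{ pkgs, agenix, ... }`), so it only resolves through the surrounding `with pkgs;`, i.e. as `pkgs.system`. That implicit lookup is easy to break when the list is moved or the `with` is dropped, and newer nixpkgs may treat `pkgs.system` as a legacy alias. Spelling it out as `agenix.packages.${pkgs.stdenv.hostPlatform.system}.default` makes the dependency explicit. The package list continues outside the hunk.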
@@ -0,0 +1,7 @@
+let
+ rhea-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJynM8SLRXRrfGRJd43T4wabsOHFcWeeuTym9h7vl7Io";
+ systems = [ rhea-laptop ];
+in
+{
+ "gh.age".publicKeys = [ rhea-laptop ];
+}
\ No newline at end of file
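Review bot: `systems` is bound in the `let` but never used, because the rule below it lists `rhea-laptop` directly. Either drop the binding or write `"gh.age".publicKeys = systems;` so that a host added later is picked up by every rule in one place. A short comment would also help, for example `# host key; private half is the file listed in age.identityPaths`, assuming this is the public half of `/var/lib/persistent/host_id_ed25519`. With a single recipient, only that host key can decrypt or re-edit `gh.age`, which is worth stating next to the TODO about agenix-rekey.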