diff --git a/flake.nix b/flake.nix
index 1ac0cb7..8133433 100644
--- a/flake.nix
+++ b/flake.nix
@@ -124,16 +124,6 @@
 };
 };
 modules = [
- inputs.sops-nix.homeManagerModules.sops
- {
- sops = {
- defaultSopsFile = ./secrets.yaml;
- secrets = {
- # Define your secrets here
- vikunja_jwtsecret = {};
- };
- };
- }
 ./home-manager/homeserver.nix
 ];
 };
diff --git a/home-manager/homeserver.nix b/home-manager/homeserver.nix
index e5fa334..e9194ed 100644
--- a/home-manager/homeserver.nix
+++ b/home-manager/homeserver.nix
@@ -12,5 +12,14 @@
 ./homeserver/packages.nix
 ./homeserver/programs.nix
 ./homeserver/containers.nix
+ inputs.sops-nix.homeManagerModules.sops
 ];
+
+ sops = {
+ age.keyFile = "/home/cianh/.config/sops/age/keys.txt";
+ defaultSopsFile = ./secrets.yaml;
+ secrets = {
+ vikunja_jwtsecret = {};
+ };
+ };
 }
diff --git a/home-manager/homeserver/containers/work_tools.nix b/home-manager/homeserver/containers/work_tools.nix
index 401d9ba..601bf95 100644
--- a/home-manager/homeserver/containers/work_tools.nix
+++ b/home-manager/homeserver/containers/work_tools.nix
@@ -12,13 +12,10 @@
 image = "docker.io/vikunja/vikunja:latest";
 autoUpdate = "registry";
 environment = {
- VIKUNJA_SERVICE_JWTSECRET = config.sops.secrets.vikunja_jwt_secret.path;
+ VIKUNJA_SERVICE_JWTSECRET = config.sops.secrets.vikunja_jwtsecret.path;
 VIKUNJA_SERVICE_PUBLICURL = "http://bulba.space/";
 VIKUNJA_DATABASE_PATH = "/db/vikunja.db";
 };
- environmentFiles = [
- config.sops.secrets.vikunja_jwt_secret.path
- ];
 volumes = [
 "/home/cianh/vikunja/files:/app/vikunja/files"
 "/home/cianh/vikunja/db:/db"
diff --git a/home-manager/secrets.yaml b/home-manager/secrets.yaml
new file mode 100644
index 0000000..0815060
--- /dev/null
+++ b/home-manager/secrets.yaml
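Review bot: `age.keyFile` in the new `sops` block of home-manager/homeserver.nix hard-codes `/home/cianh/...`, so decryption is tied to one username; `age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";` would follow the profile's home directory, assuming `config` is among the module arguments, which lie outside the hunk. A comment above it along the lines of `# age private key: must exist before activation, mode 0600, never committed` would record the operational requirement that this line introduces. The `imports` list now references `inputs`, so the module also depends on `inputs` being passed in from flake.nix, which is not visible here.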
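Review bot: In work_tools.nix, `VIKUNJA_SERVICE_JWTSECRET` under `environment` is set to `config.sops.secrets.vikunja_jwtsecret.path`, which is the filesystem path of the decrypted secret rather than its contents. If Vikunja takes this variable as the signing secret itself, as its name suggests, tokens would be signed with a predictable path string, and with `environmentFiles` removed in the same hunk nothing supplies the real value any more. I would drop the `environment` entry and keep `environmentFiles = [ config.sops.secrets.vikunja_jwtsecret.path ];`, with the sops value stored in `VIKUNJA_SERVICE_JWTSECRET=<secret>` form so the container runtime reads it from the file at start. Values placed under `environment` are also written into the generated container definition, which is a further reason to keep the secret out of that attribute. The container definition starts and ends outside the hunk.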
@@ -0,0 +1,21 @@
+vikunja_jwtsecret: ENC[AES256_GCM,data:Ri2wYlmWJMS1V1U84msjzg40OEyTNjcm33Bsw46FYLgMUn/n59Smipyh+bjUudDOiNZeTRtciRhKFjB7qGt2Vw==,iv:zTzV3WouxI4lxEMReUnu4EKyC0hBd9ZFHRSb1rLvs38=,tag:8QEfipKFn4yJwl3ImC6lDw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age15x4h66uk6ct3436e6r4l0tkpf86e7jzl3lqd2acndq2jjvq5za3stqg2fy
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TU5UWE5XU0ZtekNHSFVo
+ U1N6VGhyRlRuTkxiOGR0SU9hUndjN2xLOEVFCktNb3M4MzF2WWJlRG5lWTdJbVhl
+ TTcwL2ZLVzB2SXNsWE55VEhOaTg3M0UKLS0tIEZCR2tzZFlqTy9OdUwrRkZwWDFF
+ VjBIa05Gc0xxeDlrTUo2Wlc0R1Z4c0kKIWQlPSxK9nt5YG5cINZqtwh+atzFdXsU
+ 2dxKy4BMiZqsuF3lGoGpOg0yXyNlE91UJwkymk8tJK9KXrqf4biq7Q==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-01-30T00:51:36Z"
+ mac: ENC[AES256_GCM,data:AdbgKxiJR/dWAZ2goNKOcf/gvyrpjeihMaL73w36+reQvn95O0Uwyou9f0Wujf5AZan5J0YKfLrr/850bL9K0f8JnNUcxLg2wAjxVi0NgZqqEWJAPLuxMly2WXJYWKCFRZNyRcwzvVPVp/R95EF0eHqchlCnYYO+B0fDJaqwVLE=,iv:wHMqe7QVD/NEeeX9AapVcwhkmei0tOOIjP3UVB1ZGtM=,tag:9iBIma3IrDQu7syDD4H1GA==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.2