diff --git a/flake.lock b/flake.lock index e622e4e..b7a234c 100644 --- a/flake.lock +++ b/flake.lock @@ -517,7 +517,8 @@ "nixpkgs-raw": "nixpkgs-raw", "nixpkgs-unstable-raw": "nixpkgs-unstable-raw", "plasma-manager": "plasma-manager", - "secrets": "secrets" + "secrets": "secrets", + "sops-nix": "sops-nix" } }, "secrets": { @@ -536,6 +537,26 @@ "url": "ssh://forgejo@git.toast003.xyz:4222/Toast/nix-secrets" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable-raw" + ] + }, + "locked": { + "lastModified": 1764483358, + "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 07875bb..b73ccd4 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,10 @@ darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies }; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs-unstable-raw"; + }; home-manager = { url = "github:nix-community/home-manager/release-25.11"; @@ -167,6 +171,7 @@ modules = [ agenix.nixosModules.default + sops-nix.nixosModules.sops ( if stable then home-manager diff --git a/roles/common/configuration.nix b/roles/common/configuration.nix index 284565f..d26b350 100755 --- a/roles/common/configuration.nix +++ b/roles/common/configuration.nix @@ -129,7 +129,10 @@ backupFileExtension = "hm-backup"; useGlobalPkgs = true; verbose = true; - sharedModules = [flakeSelf.inputs.catppuccin.homeModules.catppuccin]; + sharedModules = with flakeSelf; [ + inputs.catppuccin.homeModules.catppuccin + inputs.sops-nix.homeManagerModules.sops + ]; users.toast = {osConfig, ...}: { catppuccin.flavor = osConfig.catppuccin.flavor; catppuccin.accent = osConfig.catppuccin.accent; 
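Review bot: In roles/common/configuration.nix, adding `inputs.sops-nix.homeManagerModules.sops` to `sharedModules` imports the sops module for every home-manager user, but nothing visible in this commit gives that module a key it can read. The home-manager side of sops-nix decrypts as the user, so it cannot use a root-only host key; if user-level secrets are planned, point it at a per-user key (for example `sops.age.keyFile` in the user's config) rather than relaxing permissions on the host key. Until then, a comment such as `# HM sops module is imported only; no user key or secrets configured yet` would make that state explicit. As a smaller style point, `with flakeSelf;` widens the scope of the whole list for the sake of two entries, and the previous fully qualified `flakeSelf.inputs.…` form is easier to trace. The enclosing home-manager block starts and ends outside the hunk.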
@@ -156,6 +159,9 @@ "/persist/id_host" ]; }; + sops = { + age.sshKeyPaths = ["/persist/id_host"]; + }; catppuccin.grub.enable = true;
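Review bot: `age.sshKeyPaths = ["/persist/id_host"]` reuses the path that already appears in the list just above the added lines (presumably the agenix identity list), so one private key now unlocks both secret stores, and that deserves a comment. sops-nix converts SSH keys to age identities and expects an ed25519 key without a passphrase, which the diff does not show for this file; the key should also be owned by root with mode 0600. Because the path is under `/persist`, that filesystem has to be mounted before activation runs or decryption will fail at boot; if agenix already works from this path, this is likely already satisfied. Suggested comment: `# Shared with agenix: unencrypted ed25519 host key, root-only; /persist must be mounted before activation`. The enclosing attribute set starts and ends outside the hunk.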