diff --git a/colmena/local.nix b/colmena/local.nix
index a610670..51720b9 100644
--- a/colmena/local.nix
+++ b/colmena/local.nix
@@ -1,13 +1,19 @@
 { name, nodes, config, lib, pkgs, ... }:
 
-{
+let sources = import ../npins;
+in {
   deployment = {
     allowLocalDeployment = true;
     targetHost = null;
     tags = [ "local" ];
   };
 
+  nixpkgs.config.packageOverrides = pkgs: {
+    agenix = (import "${sources.agenix}" { inherit pkgs; }).agenix;
+  };
+
   environment.systemPackages = with pkgs; [
+    agenix
     colmena
     npins
   ];
diff --git a/hive.nix b/hive.nix
index 84aa279..d7a8ae9 100644
--- a/hive.nix
+++ b/hive.nix
@@ -10,6 +10,7 @@ in {
 
     imports = [
       (import "${sources.home-manager}/nixos")
+      (import "${sources.agenix}/modules/age.nix")
       ./pinning.nix
       ./common/utilities.nix
       ./users/qenya.nix
@@ -29,7 +30,7 @@ in {
   yevaud = { name, nodes, ... }: {
     networking.hostId = "09673d65";
     time.timeZone = "Etc/UTC";
-    
+
     imports = [
       ./colmena/remote.nix
       ./hosts/yevaud/configuration.nix
diff --git a/npins/sources.json b/npins/sources.json
index 8212066..f0a5225 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -1,5 +1,20 @@
 {
   "pins": {
+    "agenix": {
+      "type": "GitRelease",
+      "repository": {
+        "type": "GitHub",
+        "owner": "ryantm",
+        "repo": "agenix"
+      },
+      "pre_releases": false,
+      "version_upper_bound": null,
+      "release_prefix": null,
+      "version": "0.15.0",
+      "revision": "564595d0ad4be7277e07fa63b5a991b3c645655d",
+      "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.15.0",
+      "hash": "01dhrghwa7zw93cybvx4gnrskqk97b004nfxgsys0736823956la"
+    },
     "home-manager": {
       "type": "Git",
       "repository": {
@@ -20,9 +35,9 @@
         "repo": "nix-vscode-extensions"
       },
       "branch": "master",
-      "revision": "b601ea2daf217f0e9a5247aa90c1cdc3ab169c41",
-      "url": "https://github.com/nix-community/nix-vscode-extensions/archive/b601ea2daf217f0e9a5247aa90c1cdc3ab169c41.tar.gz",
-      "hash": "1mfsmlbykx2w0rlc6ax4gf926c499zsfvsq64jb7zc6d2fkqnwf6"
+      "revision": "b1d364d5f9d3d7fee8fa854d553cd95d69b9ff4c",
+      "url": "https://github.com/nix-community/nix-vscode-extensions/archive/b1d364d5f9d3d7fee8fa854d553cd95d69b9ff4c.tar.gz",
+      "hash": "0ig6wl067fg1ia3m8jisq8am8hrpxicvh20113p5d9qvm7i2zxni"
     },
     "nixpkgs": {
       "type": "Channel",
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..15c6b9f
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,5 @@
+let
+  yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T";
+  systems = [ yevaud ];
+in
+{ }