diff --git a/flake.nix b/flake.nix
index 403bed6..a9b755e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -108,6 +108,8 @@
 inputs.impermanence.nixosModules.impermanence
 inputs.quick-nix-registry.nixosModules.local-registry
+
+ ./secrets
 ];
 };
diff --git a/modules/devos/options.nix b/modules/devos/options.nix
index 70b972e..a583db5 100644
--- a/modules/devos/options.nix
+++ b/modules/devos/options.nix
@@ -23,6 +23,8 @@ in
 monitors = mkOpt int 1;
 graphical = mkBoolOpt config.services.xserver.enable;
 };
+
+ secrets = mkOpt (attrsOf path) { };
 };
 config = {
@@ -40,5 +42,7 @@ in
 environment.variables = mkAliasDefinitions options.env;
 bud.localFlakeClone = config.dotfiles.dir;
+
+ secrets = mapAttrs (n: v: v.path) config.age.secrets;
 };
 }
diff --git a/secrets/default.nix b/secrets/default.nix
new file mode 100644
index 0000000..19851b5
--- /dev/null
+++ b/secrets/default.nix
@@ -0,0 +1,11 @@
+{ lib, self, ... }:
+let
+ folder = ./.;
+ toFile = name: "${folder}/${name}";
+ filterSecrets = key: value: value == "regular" && lib.hasSuffix ".age" key;
+ filtered = (lib.filterAttrs filterSecrets (builtins.readDir folder));
+ secrets = lib.mapAttrs' (n: v: lib.nameValuePair (lib.removeSuffix ".age" n) { file = toFile n; }) filtered;
+in
+{
+ age.secrets = secrets;
+}
diff --git a/users/infinidoge/default.nix b/users/infinidoge/default.nix
index a8272e0..c4607b7 100644
--- a/users/infinidoge/default.nix
+++ b/users/infinidoge/default.nix
@@ -89,12 +89,10 @@ in
 software.minipro.enable = true;
 };
- age.secrets.infinidoge-password.file = "${self}/secrets/infinidoge-password.age";
-
 user = {
 name = "infinidoge";
 uid = 1000;
- passwordFile = config.age.secrets.infinidoge-password.path;
+ passwordFile = config.secrets.infinidoge-password;
 description = "Infinidoge, primary user of the system";
 group = "users";
 isNormalUser = true;
diff --git a/users/root/default.nix b/users/root/default.nix
index 1c9219a..24b7230 100644
--- a/users/root/default.nix
+++ b/users/root/default.nix
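Review bot: The new `secrets` option in modules/devos/options.nix is declared as `mkOpt (attrsOf path) { }` with no description, so option docs give a reader no hint that its values are the runtime paths of decrypted files mirrored from `age.secrets`, not secret material; since `mkOpt` looks like a local helper that takes only a type and default, a description probably needs `mkOption` directly, e.g. `secrets = mkOption { type = attrsOf path; default = { }; description = "Secret name -> path of the decrypted file at runtime, filled from config.age.secrets."; };`. The option also sits at the top of the NixOS option tree rather than under this module's own namespace, so another module exporting a `secrets` option would surface as a duplicate-declaration error; nesting it with the other devos options is worth considering. The definition in the second hunk, `secrets = mapAttrs (n: v: v.path) config.age.secrets;`, only evaluates where the agenix module is also imported, which this diff does not show.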
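Review bot: secrets/default.nix registers every `*.age` file in its directory as an `age.secrets` entry on every host that imports it, so dropping one file into the directory enrols it on all hosts at once: each host's key must then be a recipient of every file or decryption of that file fails at activation, and every host ends up with every secret decrypted locally rather than only the ones it needs. A header comment stating that contract (and, if hosts are meant to differ, a per-host allowlist before `lib.filterAttrs`) would make the exposure explicit. Names are derived with `lib.removeSuffix ".age" n`, so a filename containing a dot yields a nested attribute path when read back as `config.secrets.<name>`. `self` is no longer referenced now that `folder = ./.` replaces the former `${self}/secrets/...` strings, so the module header can be `{ lib, ... }:`.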
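Review bot: In users/infinidoge/default.nix the removed `"${self}/secrets/infinidoge-password.age"` string was the only visible use of `self` in this hunk, so the `self` module argument is probably unused now; if nothing outside the hunk references it, drop it from the parameter list (the module header is outside this hunk). The same applies to the users/root/default.nix hunk, where `{ lib, config, self, ... }:` is visible as context and `self` is no longer used on the visible lines. Switching to `passwordFile = config.secrets.infinidoge-password;` also appears to move a missing secret file from an activation-time failure to an evaluation-time "attribute missing" error, which is the better failure mode but worth a short comment next to the line, e.g. `# resolved from secrets/<name>.age at evaluation time; a missing file fails the build`.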
@@ -1,7 +1,5 @@
 { lib, config, self, ... }:
 {
- age.secrets.root-password.file = "${self}/secrets/root-password.age";
-
- users.users.root.passwordFile = config.age.secrets.root-password.path;
+ users.users.root.passwordFile = config.secrets.root-password;
 home-manager.users.root = { suites, profiles, ... }: {
 imports = lib.lists.flatten [