diff --git a/secrets/default.nix b/secrets/default.nix
index 19851b5..2bbeadb 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -1,4 +1,4 @@
-{ lib, self, ... }:
+{ lib, self, config, ... }:
 let
   folder = ./.;
   toFile = name: "${folder}/${name}";
@@ -7,5 +7,7 @@ let
   secrets = lib.mapAttrs' (n: v: lib.nameValuePair (lib.removeSuffix ".age" n) { file = toFile n; }) filtered;
 in
 {
-  age.secrets = secrets;
+  options.modules.secrets.enable = lib.mkOpt lib.types.bool true;
+
+  config.age.secrets = lib.mkIf config.modules.secrets.enable secrets;
 }
diff --git a/users/infinidoge/default.nix b/users/infinidoge/default.nix
index c4607b7..4d8b53f 100644
--- a/users/infinidoge/default.nix
+++ b/users/infinidoge/default.nix
@@ -92,7 +92,7 @@ in
   user = {
     name = "infinidoge";
     uid = 1000;
-    passwordFile = config.secrets.infinidoge-password;
+    passwordFile = lib.mkIf config.modules.secrets.enable config.secrets.infinidoge-password;
     description = "Infinidoge, primary user of the system";
     group = "users";
     isNormalUser = true;
diff --git a/users/root/default.nix b/users/root/default.nix
index 24b7230..5466b58 100644
--- a/users/root/default.nix
+++ b/users/root/default.nix
@@ -1,5 +1,5 @@
 { lib, config, self, ... }: {
-  users.users.root.passwordFile = config.secrets.root-password;
+  users.users.root.passwordFile = lib.mkIf config.modules.secrets.enable config.secrets.root-password;
 
   home-manager.users.root = { suites, profiles, ... }: {
     imports = lib.lists.flatten [