diff --git a/hosts/sirius/default.nix b/hosts/sirius/default.nix
index 4b770c1..0a37ff3 100644
--- a/hosts/sirius/default.nix
+++ b/hosts/sirius/default.nix
@@ -14,6 +14,23 @@
 
   tux.services.openssh.enable = true;
 
+  sops.secrets = {
+    hyperbolic_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    gemini_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+
+    open_router_api_key = {
+      sopsFile = ./secrets.yaml;
+      owner = "${username}";
+    };
+  };
+
   boot.binfmt.emulatedSystems = ["aarch64-linux"];
 
   nixpkgs = {
diff --git a/hosts/sirius/secrets.yaml b/hosts/sirius/secrets.yaml
new file mode 100644
index 0000000..32ff925
--- /dev/null
+++ b/hosts/sirius/secrets.yaml
@@ -0,0 +1,27 @@
+hyperbolic_api_key: ENC[AES256_GCM,data:3E4oWt65AU3anVUEU52r7vpRddDgXdqKgvc/URQmJGbA0nu6sbRmw3lD44SG0L5tMubi20+gkKlyFV3i8q2U148eo582Sxh8eXshvvjZ+gr9W9Eg0Tk9kQWycrE+N3r3g1AC+CWtbkRFDxQLuVAYf9W4mTw2Yg1VLV7H3BUCSYv3Rg5EPb9c,iv:Z+72Bk+5ZnHVR+SHXgM5mwfsIp4zZf9Iv8cAaZQB3Mg=,tag:phqWkpOCKnfiCBvR/f3flw==,type:str]
+gemini_api_key: ENC[AES256_GCM,data:S9DEgF4xIDXaOqs+3vdRbFb4Z8eAV1hVg8PwEfasWu9XGH3CTXV8,iv:LvUFg6dzlzC3feGh//d2rmxvVq5TJQDEBQWfxNa259Y=,tag:juLXnsiXz7OmYvyKfAv66Q==,type:str]
+open_router_api_key: ENC[AES256_GCM,data:tUtkVER9ZlhSeb0bDbA1nRi1lkRX/ofosV+mcHnaNQmAZXWXiyn8WDfemxxNuvU86YctURxL4TckfsQv7RmMjY7esB1Pmmwf9Q==,iv:elT8JJu48cgu4Q1YWxiL4ePNkP+EGhI8blqfUB/nmz8=,tag:bMvUXUegE+GJ6WdypTxLyw==,type:str]
+sops:
+    age:
+        - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtVUx5VWlHekQ1ZlBWb1cv
+            aWpXQ0NUaDVudENNRWhPdXlhekhwZW9zbjNNCkRzTlVOZm53MnJmckp6d3FsTU9D
+            M2pZYUs2aHJzWjQzM01BMUVaZHlsdm8KLS0tIG04Rjc3VXM1eFhvTGhpMVlJdE9K
+            dkYwdGZMRmZ1MFFTVlI4T0MrNytsV00KmdCXJ/EBZhLN/NXuOf36LjwmGTze46Ou
+            kQtKSpdzLdo/bdS6sbUGVHqDLeS7GwGtVciMh9zBHCsGBCAAkQHxIA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSXhQdEpJZHBGbjlZTnhD
+            U0Zwc1pwbGtHdkRFbWJRVzRNWUdqakhzM2pJCmYyYlMwQVZEbzkxcnRKVERyeExB
+            Z0hXcTdyMHMwREExdlJmR3JHTldvRnMKLS0tIFNMczN6QmI3cUR6clBDU2dKQTVF
+            U1dpRkttaURwSkgySVdiR25iZk50b2cKrrNfeAV73W3+kWM0diIFj08+koBVySVx
+            U3tYYrePi7qQxDSrNo4a14yOopjktj/ABKpxI5cfza6aS5NQxErq2Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-10-10T21:30:12Z"
+    mac: ENC[AES256_GCM,data:IxGSaYj3PLV+RA4G+A3yep0RkcPr9xd6X7yKJP3QVthzGinm0KRNs8wyMdDgdSrK/e0AlzN594VOMTRRgxLV9oPqEPqufWDGGCpiKuW+q2mJSv3i3f1dUbO/l+OSTEFqeeKb8rWEhbJ3qcjEhI/eFB+RNkDtJvSzDlJsS4uDB9A=,iv:VlvTI3AHyBKpwr9b29YqN8V1Tjq2E8oAOAPA7LuAKps=,tag:+BFt/T4ep66WFz9Y2a7a9w==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2