diff --git a/modules/home/agenix.nix b/modules/home/agenix.nix
index c1b7abf..8a7ac60 100644
--- a/modules/home/agenix.nix
+++ b/modules/home/agenix.nix
@@ -1,7 +1,7 @@
 # Debug agenix logs:
 #   cat ~/Library/Logs/agenix/stdout
 #   cat ~/Library/Logs/agenix/stderr
-{ flake, config, ... }:
+{ flake, config, lib, ... }:
 let
   inherit (flake.inputs) agenix;
 in
@@ -16,4 +16,15 @@ in
   # To provision this key once:
   #   ssh-keygen -t ed25519 -f ~/.ssh/agenix
   age.identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ];
+
+  # WORKAROUND: Fix agenix restart loop on Darwin
+  # See: https://github.com/ryantm/agenix/issues/308
+  # Permanent fix pending in: https://github.com/ryantm/agenix/pull/352
+  #
+  # The issue: `Crashed = false` means "restart when NOT crashed" (i.e., restart on successful exit)
+  # This causes the agent to restart every 10 seconds after successful completion.
+  # Solution: Remove the Crashed option entirely, only keep SuccessfulExit = false
+  launchd.agents.activate-agenix.config.KeepAlive = lib.mkForce {
+    SuccessfulExit = false;
+  };
 }