From cda2b68b7efd7a8521a64aec45c93927de89ecb4 Mon Sep 17 00:00:00 2001 From: Sridhar Ratnakumar Date: Tue, 25 Nov 2025 10:18:12 -0500 Subject: [PATCH] Configure agenix to use local SSH key - Add age.identityPaths to juspay.nix for local key usage - Update secrets justfile to use ~/.ssh/agenix instead of 1Password - Add zest SSH key for secret decryption - Remove infinitude system keys from secrets config - Rekey all secrets with updated key configuration --- modules/home/work/juspay.nix | 24 +--------------------- secrets/github-nix-ci/emaletter.token.age | Bin 636 -> 526 bytes secrets/github-nix-ci/srid.token.age | 21 +++++++++---------- secrets/gmail-app-password.age | 18 ++++++++-------- secrets/hackage-password.age | 19 ++++++++--------- secrets/hedgedoc.env.age | Bin 648 -> 538 bytes secrets/juspay-anthropic-api-key.age | 19 ++++++++--------- secrets/justfile | 7 ++++++- secrets/pureintent-basic-auth.age | 18 ++++++++-------- secrets/secrets.nix | 12 +++++++---- 10 files changed, 59 insertions(+), 79 deletions(-) diff --git a/modules/home/work/juspay.nix b/modules/home/work/juspay.nix index 474c48a..f748619 100644 --- a/modules/home/work/juspay.nix +++ b/modules/home/work/juspay.nix @@ -15,6 +15,7 @@ in ]; age.secrets.juspay-anthropic-api-key.file = ../../../secrets/juspay-anthropic-api-key.age; + age.identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ]; programs.zsh.initContent = '' export ANTHROPIC_API_KEY="$(cat "${config.age.secrets.juspay-anthropic-api-key.path}")" 
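Review bot: `age.identityPaths` is the module-wide list of identities home-manager agenix uses for every `age.secrets.*`, yet the new line sets it inside the work-specific `juspay.nix`; if that module is ever not imported, no secret in the configuration decrypts. Consider moving the line to a common home module and leaving only `age.secrets.juspay-anthropic-api-key.file` here. The change also replaces a key read from 1Password at edit time with a private key persisted at `~/.ssh/agenix`; for activation to decrypt non-interactively that key presumably has no passphrase, so a comment stating the expectation would help: `# dedicated agenix-only identity, assumed passphrase-less; keep at 0600 and out of backups/sync`. The enclosing attribute set starts before this hunk.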
@@ -48,27 +49,4 @@ in ANTHROPIC_MODEL = "claude-sonnet-4-5"; # ANTHROPIC_API_KEY set in initExtra via agenix }; - - /* - # Enable Vertex AI integration - CLAUDE_CODE_USE_VERTEX = "1"; - CLOUD_ML_REGION = "us-east5"; - ANTHROPIC_VERTEX_PROJECT_ID = "dev-ai-gamma"; - - # Optional: Disable prompt caching if needed - DISABLE_PROMPT_CACHING = "1"; - - # Optional: Override regions for specific models - VERTEX_REGION_CLAUDE_3_5_HAIKU = "us-central1"; - VERTEX_REGION_CLAUDE_3_5_SONNET = "us-east5"; - VERTEX_REGION_CLAUDE_3_7_SONNET = "us-east5"; - VERTEX_REGION_CLAUDE_4_0_OPUS = "europe-west4"; - VERTEX_REGION_CLAUDE_4_0_SONNET = "us-east5"; - VERTEX_REGION_CLAUDE_4_5_SONNET = "us-east5"; - - # Model configuration - ANTHROPIC_MODEL = "claude-sonnet-4-5"; - ANTHROPIC_SMALL_FAST_MODEL = "claude-3-5-haiku"; - }; - */ } diff --git a/secrets/github-nix-ci/emaletter.token.age b/secrets/github-nix-ci/emaletter.token.age index 874690664146a2c269e790b26836fd9d32c9347f..ed919e2893f6e77842b0c6dd18e9b067a8ed50bf 100644 GIT binary patch delta 492 zcmeyv(#JAEr{2uV!pPgrCpXv7HMc51Cp#_7)vGAQr_9YMFCr>RyFAjdAj+a3(pfvx zmCIAx(yuhiC@Rz<$G9-cu)sJyDcz{R)jYt>JUcr(IU>p@D>%J0pwJ>SnM>DBp}06h zH#Nn`)YQ;Y!L!8NBPviK-_H7&z?YsQ~lUKI1 zG`!Qe%9AI?DXx6y(1nv>b9+9ncl|VTx8}tKADLr%XcFN4y Yd%&$z+4gJ^)3^V2cbqnB?g)Jh0BnV}00000 delta 583 zcmeBU`NJ|nC)~-RG}EFeUE4G%B`YeZq|7iWJUP_eKhL}(#HBdZ+cVcYt2Dbj!on~w zl*>FIIo;dSEg(0@BrQBSH=@`wy;9pL)HlVbG+f)jJ2z$(+^O5gHg*UE}Wu8e{b=ivP8VuPZJ zp!5LqQqQt1|4`%7#A44%i%{2q%JeXk4DSLr^8!}`E?ql?;^GY5)D$CAQ$tGyk3j88 z%W{PXSBrdiLw}1bXUp)6Fb`*g`t(9ybIYtmeJ_hJgVMZ!h$uhj%#z};k14C3v$vGik#B} zEQ}(`Ewz)2Lfk!b^E@m4jr5JQy+eJH(p`;n($nib3w@2sojilmxwOk8{ryZM%reXh zJgSPcOZ*DVQ$xZMOOg!y&0L&}@+@4VqCyMvs*<8SxpZ}P6(X|(49(pWJy$!JaQ5vBl0TBoh{3gU2}__eGQW>xL)Q~KD)swbH887T<++Blh@+sdi<0u zkhpp(H7;(7o4D9N`M$l3(*<<&l{R{(ezJbM(>!Qz)%Q(3y^S+D9ekEY-3^rK|7b4${@IhI7jyJuc3FlqKM|O6QLcmQ$U#}jwL4a<*A9PpT4LQArB7UJSNES@ MtGM9im4%n(04!0|CjbBd 
diff --git a/secrets/github-nix-ci/srid.token.age b/secrets/github-nix-ci/srid.token.age index 48757b6..27cbc8e 100644 --- a/secrets/github-nix-ci/srid.token.age +++ b/secrets/github-nix-ci/srid.token.age @@ -1,12 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ qxnWrc61w1kSBf3m7ofJWrTTdhrKSMmp9iW5y9RzdUU -epgghGOuuMctx4uyYWrvN33tu4dL91E8VNxlMuvxw/g --> ssh-ed25519 Ysxvmg ZjHA3/xCKFO+sk9RGRXkfGcxixk4arKP6PlRnLKRqi0 -CJITJ6M4KRM5lH23O5kWY8qjs+WEZLe5OooaIa7LInE --> ssh-ed25519 HQ+y9w MyD/org+yNN0HhLh3GLG9PbCxIjffsMOxcJaQAmeThI -jGFfuzJmA+AXgG9OI1c88TD4GHFA4C4GnzBPYlbvjQY --> ssh-ed25519 p0qplg dod6JyHjstJGo0LgxlG4z5zrca8qunco+UuFLYZUyxo -cWZElzFjbZESN2tlbna76yn77qm6e1og7OhoLzYsqVc ---- dD6aThNJBsJXoIS+6JbkIk1o3FJUbvjjjRwX6k3Riz0 - -tJ$ub|G #bж春+OM`B݈¡ o(!wt-v (&‚8ƴ*;_6}IuG`U?g :7L j \ No newline at end of file +-> ssh-ed25519 96IXNQ V6z62p+pW3kgBssNzyKXgeSkg1Wd8RL6G1UrumXTIWY +Ct4rp8A1Gg9ExzUyE63JgzgHD5aaeqakZ6ROAPm/XRE +-> ssh-ed25519 It7HZQ +Hfd+DFL1cxlRFHSfLC2iiEbQ52cir2KgsIAQsgWLj8 +pCD9VDE0GWsr23NRHRCmiZJDrdNN3zKJFY6zNTpzPqg +-> ssh-ed25519 Ysxvmg NzAhvPK21VdhfbEAD5Fk9VSqqeKjE8n5T9yurBeGohs +qRZzel60SENc1ewUbubi48zRyhxbpGK85Y2j871YPwY +--- R2HwRQqDwwfnDYltxQsw+s8fhBHhXVY+t93Uwh4PNYw +/ݹ{?b^i#W +as}ȭj +p$'DA@62O<0D2c@Ҧ) 7^?娨lV05Xe8 \ No newline at end of file diff --git a/secrets/gmail-app-password.age b/secrets/gmail-app-password.age index 3704366..1361e70 100644 --- a/secrets/gmail-app-password.age +++ b/secrets/gmail-app-password.age 
@@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ AlPQKdJW4i7KiKFShOJiZS3jaU4rGHxfpTcbxFFhX0c -/T+E7XkiUOgWtdRVRz9T3ut/AKXLEZpIywdjgPSXetU --> ssh-ed25519 Ysxvmg ib7r93LrHHqg8Mpy2qjHDscc1j78xHYn+mSE0mgCVmI -FIcdml33o0867qmVXsfwCTouhNFdzUMcpI/RkD1Ydvk --> ssh-ed25519 HQ+y9w eqKQ865HffWRjvbj/I5Qoe/jxKEP0Fdjh3FxWppW3zc -4qtKAl3FFwfevlF0qFPe5brMRdll1cNDbOv/ynzrw94 --> ssh-ed25519 p0qplg QWiCH31vijXLdRi1ERrrsO9/wPnB5dVKmV+JQ7TxWig -bziVlyMK13NYneR0mmyipoKwTboEd8kQeOE2JS9evMw ---- vO0xh4UbUG45Wnq+c5oL6C4P42B87tYeZ2iKwBEKLa0 -{kUi{~eɤA#N7uB;J]Ht6}x=ia \ No newline at end of file +-> ssh-ed25519 96IXNQ T3RyKheawLaYNrlkDoCXS8pgRIwsNygCXKspcIgFqCo +atSHBU2ubK2vXRudE/WAd1bVaclb32bqr1DuCfuncD8 +-> ssh-ed25519 It7HZQ AiZwpmGEojWzGAGPOnL9OTF96OsNEskVXq7nzSmIuQw +qhv3adMWpgHRCSTixOuPOtC9GKPDf8igzEOhCqlZPug +-> ssh-ed25519 Ysxvmg STvgaNkoEEec339ils0g3H0D32RGph9uBk1socsLiBI +5pmdT4t49xbzQJy4XhZrCieDcYYr/HT826g55mnAfew +--- XYTAbK/8LHg4SlajLfSlqToRkAl+mAnXXNdvgMvzaj4 +Nt'8ҡuG_8QY,<');!v˦ \ No newline at end of file diff --git a/secrets/hackage-password.age b/secrets/hackage-password.age index 099c8bf..38baab8 100644 --- a/secrets/hackage-password.age +++ b/secrets/hackage-password.age 
@@ -1,11 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ fkw73hLDykfEcq/OvTGwfQKO8adwA1ojBuPCKO5hZyw -YNN1Vcg+30il/ccbcWMgR4uucLBMGSdFLk+6PwjKiKc --> ssh-ed25519 Ysxvmg RATkz1A0SNVm6Ynu2FhoTgc8yi6TwnK+I3LRpp32jAM -lUFyoIQSu1DCjkdAgWtDTDuM89GtqFSdbBsBzSZr4yg --> ssh-ed25519 HQ+y9w OZSJZi0YRfkpmc5d6cMALj+Uo/WFoPy9+ME5tScunn4 -+4W1K5A+p2IPtPzcIiO+z4sVhNotX4T9wqs0E1BRlSc --> ssh-ed25519 p0qplg Z2P1LtaIrYJujIQy9pIfgjc/tjvy5lWCKPDRUrr5LGs -Ve5d3aOfB9/GI45gapzVEtnTr0u6N4krZ+DoWj2lbN8 ---- CBkheL3TQ/W/4aVzTxuTUPh1UQMGT5AeWTXKCcVTVq8 -:w[-C7#u ssh-ed25519 96IXNQ nHWK3DGvD5svfKFD/QiyGUyE94MfiIAGvwtowQfB8CE +HKw+5SB99G+BVO1t6dggH+LFfjWSExUXaPA6TgbXkjo +-> ssh-ed25519 It7HZQ tN1niOfw1WOTti0NAg9IlBSnAkTGloTE5dZGJ3rdXR0 +xw9DqdaqI3o0JuXslaOWcHwN4eLqz4g/lzQPmqZIpLU +-> ssh-ed25519 Ysxvmg K7Taxefo/m7ObS0f62lowOnSNkN4kRO51A68N9tFmGM +sOEEjMpzH2CPwnmk7X5fbLKJ3Yw/Tr2P33UHM676y8A +--- FrVEGbyKNFknaLXq05sb5gD7cZqPv+UZUcuD+sj/SPA +cĊx=wj@[ +y}h8#M .N)D+ \ No newline at end of file 
diff --git a/secrets/hedgedoc.env.age b/secrets/hedgedoc.env.age index 122e6b8ff94f7e4a181616a94e4935c7da3bebe7..a85ba6058e4105f20e91683643bb826248cd4538 100644 GIT binary patch delta 504 zcmeBRoy9Uir#>jWBG5ZAH@DK+)HBy7w9qoRJkQL)z{k5H$JfogAiKmk*)cmXGt@ae zlq=ZLw8F(NGs7s@H{3PPqar9QDl5^#upr9N!ZkR#A}2ej)FQ+uJ2BNipG((Hp}06h zH#Nn`)YQ;Y!L!8NBPviKv%uRk-77IO(%8e##5dH`vp&MqxH8)%%grUT$Td6ININaK zsvx|ez|1L-OW!Q0AUruDFU333EXl+xC@4ML*)Yr?Kh)L0DZkRi&!w_5)Ge~g*DI(T z-MYx)in82v1@CM#Bmb&Ur!*4_*NAfe(&7x~Ko_Hm(2$A}AMKDVGsEP1SLdKIi*#=n zN3MJ)i;#$dBFCsC3qv16GcThE13!ygr#vSgmmp)~f>c9SQ|(Ms?d*sO11?=%T?I?i zJoAwB{L-jW-^#oKAN_)2C--9gD6z+fDBKuqo^GORelFei$C kU6((ZnUC|g@XoT&7qIzt@u_si^RrA@PDk~BaCK(^0DT6ut^fc4 delta 594 zcmbQm(!n}GC(OblF+ADLHQOR8B_l1e%0D?Z$keOExwtUMLc2IJ)2$?+vNAQ<+}$%T zlq=jh)wMX#%h)^2F+IC9v9QP~!Xn$rz0lDuCpDm?Jk%##-=eCxpe#RS;s=TPB*Rd@ zFrz%9qA;Hv&)gC}qY`hADDUtHpMWy+a%amDeZTV3Aoob~;-Gx4pi0xSbQ2#J-^i+@ zazodmWPkr$!veFE(4tI}yu30)OZ{R$ZI7tPA}3caT|0&1;tbu?6eCkpLrVpZK(h3c@baizV5}kAWP0K2Col9NI14^=T zeJU(`T}(Zky>bGgOnmc_^L_J-6T{rngDL{K)E|Cj$SK;ei`7Bx=D%ahCRy{JYp%cS zdA6(YM8(_u!YhHFCb6z$Iro0s+o*~9zQUXL$1n45IcUWbk!1hMCfGD8DR_NDgxhK_ zo!7O=3qNjMrC1s7vpe_Tm($rkim|h ssh-ed25519 96IXNQ dfehVZ2LNMujmbP0wsxuPU92PynoTs+JoifCpvOxx0g -Kw5EgbGE8z213x3nB1z4K/H2c+5gZ3tGM2lpvN9yGwQ --> ssh-ed25519 Ysxvmg XyaT6WaAtv0XyyAfXJ6N7vWZxJ546SiEW5MAYuGXPV0 -0lUd23m+JlFXVAM6dS1UFI8WUfd5lrKjJMQEpNvSae8 --> ssh-ed25519 HQ+y9w aU1OdyrR/qE6E1e3LrGi9I6rzki4X1rlaCdYZ9MzHmg -EV0/NKDyORAfcFIu6CObkg6EDEdwjJI0pVi0Dpy9wI8 --> ssh-ed25519 p0qplg h5N/ldxUIgUsNOXDP9BSIvoild4YYs9loy9As9RC8W8 -ajAJsLO8GOCLxTMwGG752kpt3TN7ImPyEICZsDFc/P8 ---- xLBYy+XcNGtYh0LRLMyUgnXUnwp6UA8rVhDDHbCS2eA -0$yH|"(ޤmK(Nfת:*xj7X 20 \ No newline at end of file +-> ssh-ed25519 96IXNQ MqhWG7d6fRrIzIZDyu1/Sr8Kcc/0g6b09JxadmeWISM +qhSR1c/JfIh9xLR5Yb86D7E8M0X23wvmmBpHl6RiYuA +-> ssh-ed25519 It7HZQ E6XNqLnTEqg7PjMfQV+4Q2+PxgzwNqUTCIphK1ebWQQ +NdyhbsqlXpMqn/T9CJeKXP9APY/gMTf045iAyz9Niis +-> ssh-ed25519 Ysxvmg FDBhNnfef8Mgl0aAnwDcK6Y70LCnvFi74gfPqbYa7U4 
+cNUdR58Go8ggcsbcHy288xHRo1wUL1MKiIvKvjcCLQo +--- FXrK+Jq0W+jvGa+yBaWfvU0th7bAYeU2lxQexsyAnSU +Η&NR_4`Y% KAxW[T"n*g~I"Sѱ-Vz%DI +D \ No newline at end of file diff --git a/secrets/justfile b/secrets/justfile index ccb555c..f2f8933 100644 --- a/secrets/justfile +++ b/secrets/justfile @@ -4,4 +4,9 @@ default: # Run `agenix -e ` edit FILE: - bash -c 'agenix -e {{ FILE }} -i <(op read "op://Private/id_ed25519/private key")' + # bash -c 'agenix -e {{ FILE }} -i <(op read "op://Private/id_ed25519/private key")' + agenix -e {{ FILE }} -i ~/.ssh/agenix + +rekey: + # bash -c 'agenix -r -i <(op read "op://Private/id_ed25519/private key")' + agenix -r -i ~/.ssh/agenix \ No newline at end of file diff --git a/secrets/pureintent-basic-auth.age b/secrets/pureintent-basic-auth.age index 5cce440..8c4004e 100644 --- a/secrets/pureintent-basic-auth.age +++ b/secrets/pureintent-basic-auth.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ 0/NuV8hDzg51QcJGiwG0/baeBQc+W9h9q66AzEm+EnY -V1xUVHQQmXo6YN+BF+ZCn9Ew+bcUqP0975JmvaiSY4o --> ssh-ed25519 Ysxvmg DxRnKZodptsoekhgqYHvRTmuDoqwsvzZ+lsXA2wU8U8 -lJxE8eCxkBCd5uHUSrOMywBgy0HQEekU5HEn9k7v6xE --> ssh-ed25519 HQ+y9w sjoTiMATKONmXTmEfmUEsURXxKOEnYS8K3wcTP6OEWU -kmj2v92yAR8mo/5bL24GMJ9idN4DXPoBh41sGmJFu6U --> ssh-ed25519 p0qplg 1TuM1BqPK2U5prLL/zEel4nHLEtxud34aSslvCS1k1k -PvnOGEDrQ0Mek3Z/VeHAcvhdurAN1RZxACiLsali6WQ ---- 2AiI3tw705Kala8qEBWg0PIlXn+yOyeDns01nZ7YjGw -tu #`=U&Sp6CE:~v;b}ӛ.'T-x(;Þ|\S!RdWyD58qA}*ѱZS \ No newline at end of file +-> ssh-ed25519 96IXNQ 2fAb4UaMDzIvV6al6FJhaLubphtiSuCpVOaeN+HwGVo +bP/J1UYVBhjV2aquWSsTytU19R76+9Vlof5/V9CUBZU +-> ssh-ed25519 It7HZQ /UlpuPliwqF04HPG87ldFPCjxWim6EuCxUUax8h51TQ +rbQBDdCtd1N2IEuCSZeeusVtkogL3MOr0Mxue/Gwiso +-> ssh-ed25519 Ysxvmg A81MyiFDefSbX6u7p4bN9vCREgGcp/frzguX1uwXYVM +KiicSyou3NiK9znW2/MEJi3ElLfsqkCLfMuPbqTLoJs +--- ArMgx+hzGLdzksx0CEXhb7N//pSq+ovYS/SPS3mQBcs +bQ A[iz/%VAEx.bZMIsҨ1Teq̦S,Jӭ2S(T6FkD.QR[ \ No newline at end of file 
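Review bot: The new `rekey` recipe only re-encrypts the current `.age` files for the recipients now in `secrets.nix`; the previous ciphertexts, encrypted to the removed `infinitude-*` keys, stay in git history, so dropping those recipients does not by itself revoke their access. If those keys are no longer under your control, the underlying credentials (GitHub tokens, Gmail app password, Hackage password, Anthropic key, hedgedoc env, basic-auth) should be rotated rather than only rekeyed. The commented-out 1Password invocations kept on both recipes are dead text now; either delete them or replace them with a single explanatory line such as `# identity: dedicated agenix key at ~/.ssh/agenix (previously read from 1Password via op)`. The file also loses its trailing newline.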
diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7a7b9df..3d35497 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,11 +1,15 @@ let config = import ../config.nix; - users = [ config.me.sshKey ]; + users = [ + config.me.sshKey + # zest: unique just for decrypting secrets + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYQQXPMHYBtRcPzSkjQ3oqyje8T4UlCpbr6XjrlzzlK srid@zest" + ]; pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkY5feaNt4elPqRQimB9h3OFxtFAzp98p1H+JezBv92 root@nixos"; - infinitude-macos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjg6aknmaXdQ/arHcTD+USFwCTsUGyJv9R1dXnejdby"; - infinitude-nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhLuTee/YS04uBhg9Zri5OKfQySoeUXxVVpz6xVUtB5"; - systems = [ pureintent infinitude-macos infinitude-nixos ]; + systems = [ + pureintent + ]; in { "hedgedoc.env.age".publicKeys = users ++ systems;