diff --git a/modules/home-manager/sops.nix b/modules/home-manager/sops.nix
index 5c7a0a3..853efec 100644
--- a/modules/home-manager/sops.nix
+++ b/modules/home-manager/sops.nix
@@ -249,6 +249,14 @@ in
 '';
 };

+ plugins = lib.mkOption {
+ type = lib.types.listOf lib.types.package;
+ default = [ ];
+ description = ''
+ List of plugins to use for sops decryption.
+ '';
+ };
+
 generateKey = lib.mkOption {
 type = lib.types.bool;
 default = false;
@@ -357,6 +365,8 @@ in
 ))
 ];

+ PATH = lib.makeBinPath cfg.age.plugins;
+
 QUBES_GPG_DOMAIN = lib.mkIf cfg.gnupg.qubes-split-gpg.enable (
 lib.mkDefault cfg.gnupg.qubes-split-gpg.domain
 );
diff --git a/modules/nix-darwin/default.nix b/modules/nix-darwin/default.nix
index fffd5b5..27331bc 100644
--- a/modules/nix-darwin/default.nix
+++ b/modules/nix-darwin/default.nix
@@ -308,6 +308,14 @@ in
 Paths to ssh keys added as age keys during sops description.
 '';
 };
+
+ plugins = lib.mkOption {
+ type = lib.types.listOf lib.types.package;
+ default = [ ];
+ description = ''
+ List of plugins to use for sops decryption.
+ '';
+ };
 };

 gnupg = {
@@ -395,6 +403,7 @@ in
 sops.environment.SOPS_GPG_EXEC = lib.mkIf (cfg.gnupg.home != null || cfg.gnupg.sshKeyPaths != [ ]) (
 lib.mkDefault "${cfg.gnupg.package}/bin/gpg"
 );
+ sops.environment.PATH = lib.mkIf (cfg.age.plugins != [ ]) (lib.makeBinPath cfg.age.plugins);
 }
 ];
 }
diff --git a/modules/sops/default.nix b/modules/sops/default.nix
index f80c5a2..6a2197a 100644
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@@ -39,6 +39,7 @@ let
 # [1] https://github.com/getsops/sops/pull/1692
 cfg = lib.recursiveUpdate cfg {
 environment.HOME = "/var/empty";
+ environment.PATH = lib.makeBinPath cfg.age.plugins;
 };
 inherit lib;
 };
@@ -342,6 +343,14 @@ in
 '';
 };

+ plugins = lib.mkOption {
+ type = lib.types.listOf lib.types.package;
+ default = [ ];
+ description = ''
+ List of plugins to use for sops decryption.
+ '';
+ };
+
 generateKey = lib.mkOption {
 type = lib.types.bool;
 default = false;
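Review bot: The description of the new `age.plugins` option in the `-249,6` hunk of modules/home-manager/sops.nix does not say what the listed packages are used for, and the same text is repeated in the option hunks of modules/nix-darwin/default.nix and modules/sops/default.nix. The other hunks show that the packages' `bin` directories end up on the PATH of the decryption step, so anything shipped there can be run by name in the process that works with the age keys; users should be told this so that they list only packages they trust. I would word it as `Packages providing age plugin binaries; their bin directories are added to the PATH of the sops decryption process.` and add `example = lib.literalExpression "[ pkgs.age-plugin-yubikey ]";`. The enclosing option set starts and ends outside the hunk.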
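Review bot: `PATH` is assigned unconditionally in the `-357,6` hunk of modules/home-manager/sops.nix, so with the default `plugins = [ ]` this environment gets `PATH = ""`, whereas the `-395,6` hunk of modules/nix-darwin/default.nix guards the same assignment with `lib.mkIf (cfg.age.plugins != [ ])`. An empty PATH can break anything in that environment that resolves a helper by name; the consumer of this attribute set is outside the hunk, so the exact impact should be checked. Both sites also leave out the `lib.mkDefault` that the neighbouring `QUBES_GPG_DOMAIN` and `SOPS_GPG_EXEC` definitions use, so a user who already defines PATH for this environment may hit a conflicting-definition error. Suggested for both: `PATH = lib.mkIf (cfg.age.plugins != [ ]) (lib.mkDefault (lib.makeBinPath cfg.age.plugins));`.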
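Review bot: In the `-39,6` hunk of modules/sops/default.nix the added `environment.PATH` sits inside `lib.recursiveUpdate`, so it silently replaces any PATH already present in `cfg.environment` and becomes the empty string when no plugins are configured. The `-17,6` hunk of modules/sops/secrets-for-users/default.nix adds the same line. The systemd units in the later hunks already receive the plugins through `path = cfg.age.plugins`, so a short comment saying which code path reads this overridden environment would help the next reader. I would add the key only when it is needed: `environment = { HOME = "/var/empty"; } // lib.optionalAttrs (cfg.age.plugins != [ ]) { PATH = lib.makeBinPath cfg.age.plugins; };`. The enclosing `let` binding starts outside the hunk.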
@@ -463,6 +472,7 @@ in
 before = [ "sysinit-reactivation.target" ];
 environment = cfg.environment;
 unitConfig.DefaultDependencies = "no";
+ path = cfg.age.plugins;

 serviceConfig = {
 Type = "oneshot";
diff --git a/modules/sops/secrets-for-users/default.nix b/modules/sops/secrets-for-users/default.nix
index aee1ced..841eb13 100644
--- a/modules/sops/secrets-for-users/default.nix
+++ b/modules/sops/secrets-for-users/default.nix
@@ -17,6 +17,7 @@ let
 # See also the default NixOS module.
 cfg = lib.recursiveUpdate cfg {
 environment.HOME = "/var/empty";
+ environment.PATH = lib.makeBinPath cfg.age.plugins;
 };
 inherit lib;
 };
@@ -36,6 +37,7 @@ in
 before = [ "systemd-sysusers.service" ];
 environment = cfg.environment;
 unitConfig.DefaultDependencies = "no";
+ path = cfg.age.plugins;

 serviceConfig = {
 Type = "oneshot";