diff --git a/common/default.nix b/common/default.nix
index b69520c..7947ddc 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -1,3 +1,3 @@
 { ... }: {
- imports = [ ./nix.nix ./secrets.nix ./users.nix ];
+ imports = [ ./nix.nix ./sops.nix ./users.nix ];
 }
diff --git a/common/secrets.nix b/common/secrets.nix
deleted file mode 100644
index 0a257be..0000000
Binary files a/common/secrets.nix and /dev/null differ
diff --git a/common/sops.nix b/common/sops.nix
new file mode 100644
index 0000000..d7d0da8
--- /dev/null
+++ b/common/sops.nix
@@ -0,0 +1,23 @@
+{ config, ... }: {
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ age = {
+ keyFile = "/persist/sops/age/keys.txt";
+ sshKeyPaths = [ "/persist/system/etc/ssh/keys/ssh_host_ed25519_key" ];
+ };
+ secrets = {
+ "passwd/root" = {
+ mode = "400";
+ owner = config.users.users.root.name;
+ group = config.users.users.root.group;
+ neededForUsers = true;
+ };
+ "passwd/adtya" = {
+ mode = "400";
+ owner = config.users.users.root.name;
+ group = config.users.users.root.group;
+ neededForUsers = true;
+ };
+ };
+ };
+}
diff --git a/common/users.nix b/common/users.nix
index d60f5db..0761331 100644
--- a/common/users.nix
+++ b/common/users.nix
@@ -7,7 +7,7 @@
 adtya = {
 uid = 1000;
 hashedPasswordFile = config.sops.secrets."passwd/adtya".path;
- description = "Adithya";
+ description = "Adithya Nair";
 isNormalUser = true;
 extraGroups = [ "docker" "libvirtd" "networkmanager" "tss" "wheel" ];
 shell = pkgs.zsh;
diff --git a/home/programs/git.nix b/home/programs/git.nix
index 8f11015..11ef9fb 100644
--- a/home/programs/git.nix
+++ b/home/programs/git.nix
@@ -1,8 +1,4 @@
-{ secrets, ... }:
-let
- user = secrets.users;
-in
-{
+{ osConfig, ... }: {
 programs.git = {
 enable = true;
 delta = {
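Review bot: In common/sops.nix both `passwd/*` secrets set `neededForUsers = true` while `age.keyFile` and `age.sshKeyPaths` live under `/persist`, so decryption depends on `/persist` being mounted before user creation runs in early activation, and nothing in this diff shows that mount being marked for early boot. If it is not already set elsewhere, add `fileSystems."/persist".neededForBoot = true;`; otherwise the hashes may be unreadable at boot and the accounts could come up without a usable password. The explicit `owner`/`group` lines look redundant, since secrets needed for users are expected to be root-owned anyway. A short comment such as `# password hashes consumed via users.users.<name>.hashedPasswordFile` would also help. `./secrets.yaml` is referenced but not added in the visible diff, so presumably it is committed separately.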
@@ -12,10 +8,10 @@ in
 syntax-theme = "Dracula";
 };
 };
- userEmail = user.primary.emailAddress;
- userName = user.primary.realName;
+ userEmail = "adtya@adtya.xyz";
+ userName = osConfig.users.users.adtya.description;
 signing = {
- key = user.primary.pgpFingerprint;
+ key = "51E4F5AB1B82BE45B4229CC243A5E25AA5A27849";
 signByDefault = true;
 };
 extraConfig = {
diff --git a/hosts/skipper/services/default.nix b/hosts/skipper/services/default.nix
index c329aa6..f60c26d 100644
--- a/hosts/skipper/services/default.nix
+++ b/hosts/skipper/services/default.nix
@@ -1,8 +1,4 @@
-{ secrets, ... }:
-let
- user = secrets.users;
-in
-{
+{ config, ... }: {
 imports = [
 ./btrfs.nix
 ./dbus.nix
@@ -15,7 +11,7 @@ in
 cpupower-gui.enable = true;
 fstrim.enable = true;
 fwupd.enable = true;
- getty.autologinUser = user.primary.userName;
+ getty.autologinUser = config.users.users.adtya.name;
 gnome.gnome-keyring.enable = true;
 gvfs.enable = true;
 irqbalance.enable = true;
diff --git a/secrets.nix b/secrets.nix
index 9c5a595..e0f0b18 100644
Binary files a/secrets.nix and b/secrets.nix differ
diff --git a/secrets.nix.example b/secrets.nix.example
index 33b7ac9..72fc95c 100644
--- a/secrets.nix.example
+++ b/secrets.nix.example
@@ -4,16 +4,4 @@
 endpoint = ":";
 publicKey = "";
 };
- users = {
- root.hashedPassword = "";
- primary = {
- userName = "";
- realName = "";
- hashedPassword = "";
- pgpFingerprint = "";
- emailAddress = "";
- sshPublicKey = "";
- };
- };
- phone.sshPublicKey = "";
 }
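Review bot: `userName = osConfig.users.users.adtya.description;` in home/programs/git.nix ties the git author name to the account's GECOS field, so a later edit to `description` in common/users.nix silently changes the commit identity. `osConfig` is also only provided when Home Manager runs as a NixOS module, so a comment above the line would make both dependencies explicit, e.g. `# author name follows users.users.adtya.description (NixOS-module Home Manager only)`. The e-mail address and signing fingerprint now sit in plain text rather than in the binary `secrets.nix`; both are public in any signed commit, so that looks acceptable. The `programs.git` attribute set continues outside the hunk.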
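Review bot: `getty.autologinUser = config.users.users.adtya.name;` in hosts/skipper/services/default.nix keeps console autologin for an account that the users.nix hunk shows in `wheel`, `docker` and `libvirtd`, so the sops-managed `passwd/adtya` hash does not gate local console access on this host. If that is intentional because another control such as full-disk encryption is the real boundary (not visible in this diff), record it next to the line, e.g. `# autologin relies on disk encryption as the access boundary`. Otherwise consider dropping autologin on hosts that lack that protection. The services attribute set continues outside the hunk.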