diff --git a/.sops.yaml b/.sops.yaml
index cb3f08d..836a896 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,7 @@
 keys:
   - &admin_macbook_m1 age169v95f5fqx0sg5mjpp63sumrj9sma9se203ra2c05qa67h2h2drs3tvdph
   - &machine_macbook_m1 age10dd4t507h3ey68l2alu7z94s5lw0kshjq9lre5sv2vehrm9hg4rqk2let7
-  - &nki_pc age1hw22lrsskyvsrwgq9kl48eekwyzgnwt57pe9d9zx3q9xrwyrte4qgvft78
+  - &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
   - &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
   - &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
 creation_rules:
@@ -16,3 +16,9 @@ creation_rules:
         - *nki_pc
         - *nkagami_main
         - *nkagami_do
+  - path_regex: nki-home/secrets/secrets\.yaml$
+    key_groups:
+    - age:
+        - *nki_pc
+        - *nkagami_main
+        - *nkagami_do
diff --git a/nki-home/secrets/secrets.yaml b/nki-home/secrets/secrets.yaml
index 8a07c8f..c2261d8 100644
--- a/nki-home/secrets/secrets.yaml
+++ b/nki-home/secrets/secrets.yaml
@@ -14,14 +14,32 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
-        - recipient: age1hw22lrsskyvsrwgq9kl48eekwyzgnwt57pe9d9zx3q9xrwyrte4qgvft78
+        - recipient: age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQlVuZEFudzBBdTljY05H
-            ajJBRzNEWFdGNEcrWnZPUlBPT0VBYjBNaUFFCjlTR3dCUUhhSGRnK0RiS0VXUnFk
-            REJocU1uQmFrTmRYSVpHelRsaGdrWUkKLS0tIDRFd1RhR0RlMGMzTTY0d0Y2SHM3
-            aGpXT1JkSTZ5dWZLMUZVNlR4NVUvMjQKRAM+Lsj5gH6WLYX5NPW8Mh6iLq6wIl7E
-            0i1ql90F2EGFDii2g1rJLFrsarM3yYWfsaQGcF3BMiJzHwnh5zuEfA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXYncybnRrQ0Nnelg1TDd1
+            bVI3SVJwMCtsbDVCemtJcmxlYUhSVUJjQWlJCmhjREZodkxNYmtoQjdqYlRNNjNv
+            Z3pYeFQzUDlPRkt0SnZrZ0dnYzFSTlUKLS0tIGlDN1A2K21pYmV6b09GVytQcTFI
+            eU5sNHlrZ1ZCSTE4R3pwU1N2dnFoeGsKzXYAUoBjl3CgsAnIUvGDg9mEOSS/NCmi
+            RTyxTmbcPFNSyusqi+IJ/JawUr133O2/HCELcLCZt1J+ANGKtfZE4A==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSWI4YngyZ3Q3SiswMTZ1
+            aVVhdHJBb2src2RwT1U1TklzQWtVYVA4U21BCnF3VnJaRlYwY1grVyt4ZjBIWGU5
+            dk1jRWVZRFVWTEEzc1RaN0JvNC9Yc00KLS0tIHRnNmNXTVJvYXVsc2JGeVo4SnVI
+            TG1VcjRpa2owdDd3ZFBvcGVwVDRQTDgKkT2qQiawHQg62+RkslqqvK3TA6G41DPZ
+            /0t6jHCmabYc5u/jHu05uaJiP1/hx4rTuHyRIiqKFpM4h29gmYppXQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkc2w0cTk3cWZ6Z3V5cG4y
+            aGY3RlZocGw1OTZPZnhPQnk3ckliNy9GMVZFCkpMaDlvTForYXdpWGlQTFVSdzVO
+            RnEybFZHYzh1RUZjWExMWkxCRHE1NjgKLS0tIFVTelo1ekc0bkRRUXQyRFQ3emZl
+            bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw
+            hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2022-09-16T10:37:15Z"
     mac: ENC[AES256_GCM,data:+YW1Jbs2En9QEbSm994LeKGDQ411mpBz4ZjM0FM/W1S8IQMeMuUZL3Ku8JCjB3u2a6nX4TdqOUGrWSpq5QScgu1avXIdGNPyais2YVTRu0vUoya/X4hOqXykVVgio8LOMcS73oQZQazUmTDYGW5ytbfdtrZo9+gKffzJ2nziOoE=,iv:SCnEb95tCVkCqbccOPCrMrF2Gaz6+esPTRNPD7Zb+M8=,tag:LGDtm+MepZZRFFsJKvFlfw==,type:str]
diff --git a/nki-personal-do/secrets/secrets.yaml b/nki-personal-do/secrets/secrets.yaml
index 8e1fb53..8954c8d 100644
--- a/nki-personal-do/secrets/secrets.yaml
+++ b/nki-personal-do/secrets/secrets.yaml
@@ -17,32 +17,32 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
-        - recipient: age1hw22lrsskyvsrwgq9kl48eekwyzgnwt57pe9d9zx3q9xrwyrte4qgvft78
+        - recipient: age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NHY2Y0lsVFViMHBTUHRp
-            L2RROGV3OGhSZGVmRnJTZWlZNVJVMFJ4N2hzCllXRXg3bTBjZFBvM3FPRlhBbkRu
-            VWR1UkFKUmJhT25OUWQ1aXJiRkhkV2sKLS0tIEF1Zkp0bUFsTGFaMjFYTUNNYmFx
-            N2RGSHpTajRuV3JEcElkN0VZdCtrczgKbpjSE6pSDD/bIa6he0sfH9dE74Z5ZpTG
-            DmPwclKkBarbCY50w1U4crHkhwICkHKNX0K1YwAdwuXBsgGEEJsPug==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRTRjV29MeW44c3lSZERr
+            SG5OeWNtYWlRdW5QR3lrU1JEeFZVTnpJWUFJCkY3UG9RWmt1RndOMXo3RjR6U0VT
+            bkVHSlBFaVNjME5rM3N5clZwQkU4MUUKLS0tIDNOYzY5cVR1dVJTVFNueHp1YjUv
+            dzUwNmhFLzZENGtJLzVNclhVNDUyYjAK8SMvcqONspn+6HtDxHq73CeBI4usaRfY
+            TOlRt557/Ey2U5g8wq6swUdaNL6/8bjck6/16X8EGk2i4BN7YrUhjA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVWVZMm53L3ViaWhwZVFD
-            bWhwUDFaVmp4VE1IanFkeUIrYmxnS3IrZ0VNCnFicjJVamxDTmJ4VWVFRmYyUmRV
-            OW50RlRlN3pzK3VZbko4dkN1QklnMncKLS0tIG55Zi95dTl1akFQczNlbFY2Nmt1
-            VUJWS09UMU9PS3pnL01zR05Id01wVXcK15My8g1eqxq89XxrBs5uCIxX6qTq/HEK
-            pJRrUlz9VEsbvi2Lr2SfQT84ouNc0nk6/8qlzmJUNAktydw5VCyDug==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhVXpyeVU5c3BldmhHL200
+            aW1ETER6cW5jTUgzL1hJdnREUkI0cnZiL1gwClN4SzJRSFhGWVozeWlUV3FJYnNX
+            K1ZkLzd0Wno5MXlBNGVqUlRkQWdwODAKLS0tIFp6RXNSNDdTdzg3OGd5dC9jZlNW
+            Vjg0Y000UUNQS29BUFZsU21NRmM5VWsKHufoTfk2WBs0joa/2J0Bd94YXNkRmUyB
+            pbi5v9w/yN57trB8iEHy6P2XTdgtURDPgSWi7R5n8iQqx++NVQeENg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBob0N3bk91S3JSOGxqQm5J
-            YnJlMjZEL2ppamdkM2lyZXNvOEozWGJXSUVzCmxnbldrNVZLSWt4TnJveEg4ZGpO
-            bENvWG5VV1FRTUtLaDV5Y3FsQmVFOGcKLS0tIFd3WTZ6bTF1WW5TRFJwckN3dERQ
-            U1V2ZGozMWc3NzJMamgwbXB6dE4vME0Kxw2aeENkO0hg0bvpshoI1rMbw8T6LpXf
-            n1bnkmfCSE2V5JlI7z6jvuW/6C7bo6RDbbmLOA8dbF4sVTbnymsqsw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK2N4QUo4V3BpWHpVaWZv
+            T2NwRGtUb2ZGN0ZZY0taYzh4SDc0OGNMcjBBCnZFUjROSGRzc0tYeXRic01iMkdY
+            Q2o0cmF3U0UyeE42MzZSWkJsNGVrekkKLS0tIE5QVzdXTlgzcjNwVjhYVmt2MGpn
+            by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
+            hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2023-01-31T11:07:33Z"
     mac: ENC[AES256_GCM,data:p0i2UKKVZVnp38Kh5Y1vD1UUeYt8MSb9ICxn6o+iRO0uHMxtlxr8yTJ2erczPNp0HcFnShBIBlVaZ5m3SmAWmrpF3fNKcJEPr+cgajkcXbzJoyjiH6LtKwS1sp/geKlLMlTFzBOhKx9xbGB7TJ1/XRB3c+n+Ed/wkp61xes9uT4=,iv:8KYZJpYPX92/KcmTt7+YLafNkxnAcZ6YOnitecoGdWs=,tag:EtbogNCTj2pOU9p5R3+G9g==,type:str]