diff --git a/configuration.nix b/configuration.nix
index 0925689..3aa4f32 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -100,6 +100,12 @@
     dates = "14:00";
   };
 
+  # Specify secrets
+  age.secrets = {
+    soundcloud_api_key.file = secrets/soundcloud_api_key.age;
+    wireguard.file = secrets/wireguard.age;
+  };
+
   # Import other configuration modules
   imports = [
     ./modules/hardware-configuration.nix
diff --git a/modules/audio.nix b/modules/audio.nix
index 8fc74d1..602b2bf 100644
--- a/modules/audio.nix
+++ b/modules/audio.nix
@@ -64,7 +64,7 @@
 
       [soundcloud]
       enabled = true
-      auth_token = PLACEHOLDER
+      auth_token = ${config.age.secrets.soundcloud_api_key.path}
       explore_songs = 100
 
       [m3u]
diff --git a/modules/networking.nix b/modules/networking.nix
index c9b6e79..c0b179a 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -19,7 +19,7 @@
   networking.wg-quick.interfaces = {
     home = {
       address = [ "10.8.0.2/32" ];
-      privateKeyFile = "/home/coolneng/.wg/keys/privatekey";
+      privateKeyFile = config.age.secrets.wireguard.path;
       dns = [ "10.8.0.1" ];
       peers = [
         # zion
@@ -32,7 +32,7 @@
     };
     coace = {
       address = [ "10.9.0.2/32" ];
-      privateKeyFile = "/home/coolneng/.wg/keys/privatekey";
+      privateKeyFile = config.age.secrets.wireguard.path;
       peers = [
         # unit
         {
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..04487f3
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,7 @@
+let
+  coolneng =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg";
+in {
+  "soundcloud_api_key.age".publicKeys = [ coolneng ];
+  "wireguard.age".publicKeys = [ coolneng ];
+}
diff --git a/secrets/soundcloud_api_key.age b/secrets/soundcloud_api_key.age
new file mode 100644
index 0000000..d357c03
--- /dev/null
+++ b/secrets/soundcloud_api_key.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 G5UUhw tVGNxVkibTRSr8c2l7Wmo3pMhnyI6JHBZzddC93sv2E
+0NOlI4vaBZz+Wg7LDji6CRrNsBPVhQ5rFyjPUe+ekg0
+-> *NFvF-grease b1zp>
+TIRHkh0
+--- Y9Rt0ibteW6VSuzIGt4EenoFoOmRnvIUeFbJkqkL5m4
+Pûë}«®7©}tç™vË|T[c#ib¶Cüâi|¶Îµ?%%Ø¼£l¯ÆD±ÜÉ±­—r¥Iªy,Z{£¤_
\ No newline at end of file
diff --git a/secrets/wireguard.age b/secrets/wireguard.age
new file mode 100644
index 0000000..8794c77
--- /dev/null
+++ b/secrets/wireguard.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 G5UUhw ORYEDFD+GUYWiTOhOgjFNa/SQ7DGPIdDFXTUnYkjKUg
+4oM7eE8cg15T8gbHBNOa/oB97SCaSANd7/7vM6+EbNc
+-> ",?]B-grease #sF Zg_{'
+P+bwL7YflfWA4f9LRIM
+--- O+3vZIjCS6xIQwO/fwmdfeMcFqBCpQWTe9UltdlXx5o
+9ß¢Æ]?ÛÉw>“•¾ÓÍ¯®8sn‰òæ"_üªŸÄ@4˜w÷c¬‡¯W¯øNžñ¶Øxšeª~ËOƒ±ŽPà!„~1ôú>
\ No newline at end of file