diff --git a/.gitignore b/.gitignore
index b512c09..2537f5f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,6 @@
-node_modules
\ No newline at end of file
+node_modules
+
+secrets.nix
+
+.gitsecret/keys/random_seed
+!*.secret
\ No newline at end of file
diff --git a/.gitsecret/keys/pubring.kbx b/.gitsecret/keys/pubring.kbx
new file mode 100644
index 0000000..370ef27
Binary files /dev/null and b/.gitsecret/keys/pubring.kbx differ
diff --git a/.gitsecret/keys/pubring.kbx~ b/.gitsecret/keys/pubring.kbx~
new file mode 100644
index 0000000..bacd41b
Binary files /dev/null and b/.gitsecret/keys/pubring.kbx~ differ
diff --git a/.gitsecret/keys/trustdb.gpg b/.gitsecret/keys/trustdb.gpg
new file mode 100644
index 0000000..c644d80
Binary files /dev/null and b/.gitsecret/keys/trustdb.gpg differ
diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg
new file mode 100644
index 0000000..d1fa05a
--- /dev/null
+++ b/.gitsecret/paths/mapping.cfg
@@ -0,0 +1 @@
+secrets.nix:4bbdbaf5a1e73f35b556f2eeba1f002c99fd1314b10e7b214f79fa28a18afe04
diff --git a/modules/applications/git/default.nix b/modules/applications/git/default.nix
index 3030bcf..da599a1 100644
--- a/modules/applications/git/default.nix
+++ b/modules/applications/git/default.nix
@@ -1,6 +1,10 @@
 { pkgs, ... }: {
   home-manager.users.adrielus = {
-    home.packages = with pkgs; [ gource gitAndTools.hub ];
+    home.packages = with pkgs; [
+      gource
+      gitAndTools.hub
+      gitAndTools.git-secret
+    ];
     programs.git = {
       enable = true;
 
diff --git a/modules/applications/misc.nix b/modules/applications/misc.nix
index 8e23d76..d6115fc 100644
--- a/modules/applications/misc.nix
+++ b/modules/applications/misc.nix
@@ -1,6 +1,8 @@
 { pkgs, ... }: {
   home-manager.users.adrielus.home.packages = with pkgs; [
+    tree
     mkpasswd
+    gnupg
     vscodium
     google-chrome
     discord
diff --git a/modules/users.nix b/modules/users.nix
index 37b41ab..881b7e5 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -1,11 +1,12 @@
-{ ... }: {
+{ ... }:
+with import ../secrets.nix; {
   users = {
     mutableUsers = false;
     users.adrielus = {
-      isNormalUser = true;
+      inherit hashedPassword;
+
       extraGroups = [ "wheel" "networkmanager" ];
-      hashedPassword =
-        "$6$5NX9cuUbX$yjiBbroplRLanLfJ5wNjjsd9rSvN81BCNEnuF2DUgfMa/TPYdl5PUYcWF52VxNbisDPsR2Q5EhgNrgALatpT3/";
+      isNormalUser = true;
     };
   };
 }
diff --git a/secrets.nix.secret b/secrets.nix.secret
new file mode 100644
index 0000000..14f50b3
Binary files /dev/null and b/secrets.nix.secret differ