diff --git a/hosts/nuos/configuration.nix b/hosts/nuos/configuration.nix
index 81ee105..1747073 100644
--- a/hosts/nuos/configuration.nix
+++ b/hosts/nuos/configuration.nix
@@ -2,7 +2,7 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ modulesPath, pkgs, inputs, lib, nix-colors, ... }:
+{ modulesPath, pkgs, inputs, lib, nix-colors, config, ... }:
 {
   imports =
     [
@@ -143,6 +143,11 @@
     };
   };
 
+  age.secrets = {
+    "secrets/token-flurry".file = ../../secrets/github/flurry.age;
+    "secrets/token-nixconf".file = ../../secrets/github/nixconf.age;
+  };
+
   services = {
     nix-serve = {
       enable = true;
@@ -158,7 +163,7 @@
           curl
         ];
         name = "flurry-runner";
-        tokenFile = "/secrets/token-flurry";
+        tokenFile = config.age.secrets."secrets/token-flurry".path;
         url = "https://github.com/itepastra/flurry";
       };
       nixconf-runner = {
@@ -167,7 +172,7 @@
           nixos-rebuild
         ];
         name = "nixconf-runner";
-        tokenFile = "/secrets/token-nixconf";
+        tokenFile = config.age.secrets."secrets/token-nixconf".path;
         url = "https://github.com/itepastra/nixconf";
       };
     };
diff --git a/secrets/github/flurry.age b/secrets/github/flurry.age
new file mode 100644
index 0000000..39be8df
--- /dev/null
+++ b/secrets/github/flurry.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 tcnWbQ JAhI/dqMejqQiwZFA6nNMBG4M6HRGuoVZZ0u5Tz6mD4
+i4Zmj5Uz7bBaztDRtbfXobXpBc7IivtvP9yM/2fL0KQ
+-> ssh-ed25519 ropO2g aJL3w72KCeL7DLQZc6l2zH1zSr0qQUdH9t5MNgLvonE
+IQ82mUzK2Qh7nllM/AMhSajX4lQszao9CZ2IUA6BDeI
+--- dNAB2ZaXFs5iC8zMMH+sazvOl3jeQCF5cZi5vlz9yQY
+múUJF3ò ‰´í	ÒV¬æ’YfÄR8Gn!kr¦k) j^­M|Ó6˜sø‹È.1˜`‘sê<Í§
\ No newline at end of file
diff --git a/secrets/github/nixconf.age b/secrets/github/nixconf.age
new file mode 100644
index 0000000..c353346
Binary files /dev/null and b/secrets/github/nixconf.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1b0e2a6..0ae3732 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,9 +1,12 @@
 let
   noa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOiz4Dsp4fgtwgOvARzOO9kZI4fSwJ4QJCf34dGVB6Z";
+  nuOS = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM79/rtDi2KIN75Rr6ae+A8lPTSCQfCkhbx1tGmQ3Qed";
 in
 {
   "restic/env.age".publicKeys = [ noa ];
   "restic/repo.age".publicKeys = [ noa ];
   "restic/password.age".publicKeys = [ noa ];
+  "github/flurry.age".publicKeys = [ noa nuOS ];
+  "github/nixconf.age".publicKeys = [ noa nuOS ];
 }