diff --git a/hosts/architect/nextcloud.nix b/hosts/architect/nextcloud.nix
index 4e343e5..61b209f 100644
--- a/hosts/architect/nextcloud.nix
+++ b/hosts/architect/nextcloud.nix
@@ -8,6 +8,17 @@ let
   inherit (utilities) architectInterfaceAddress;
 in
 {
+  age.secrets = {
+    nextcloud-admin = {
+      file = ../../secrets/nextcloud-admin.age;
+      owner = "nextcloud";
+    };
+    nextcloud-database = {
+      file = ../../secrets/nextcloud-database.age;
+      owner = "nextcloud";
+    };
+  };
+
   environment.systemPackages = with pkgs; [
     nodejs-18_x
     libtensorflow
@@ -62,14 +73,14 @@ in
       settings = {
         overwriteprotocol = "https";
       };
-      
+
       config = {
         dbtype = "mysql";
         dbuser = "nextcloud";
         dbhost = "localhost";
         dbname = "nextcloud";
-        dbpassFile = "/secrets/nextcloud/dbpass.txt";
-        adminpassFile = "/secrets/nextcloud/dbpass.txt";
+        dbpassFile = config.age.secrets.nextcloud-database.path;
+        adminpassFile = config.age.secrets.nextcloud-admin.path;
       };
     };
   };
diff --git a/secrets/nextcloud-admin.age b/secrets/nextcloud-admin.age
new file mode 100644
index 0000000..bc9c1ec
Binary files /dev/null and b/secrets/nextcloud-admin.age differ
diff --git a/secrets/nextcloud-database.age b/secrets/nextcloud-database.age
new file mode 100644
index 0000000..41e7eb6
--- /dev/null
+++ b/secrets/nextcloud-database.age
@@ -0,0 +1,27 @@
+age-encryption.org/v1
+-> ssh-rsa QXZdow
+JFZ512g1V5fHSCDuxPcpFGSSAzI6326lbmmQaepxfPyTzZpK5Qo7WaUeF0dCmwi1
+mwS038cbo57hPnuGapJtrqggiVm8B53rli7xlwFQCydVkxnKPSvcERI8KphEn1K5
+1YGeU6XdqqNyv1NSV9V8A4Y74LMk1H+igWR5sWZnO6sQi7LLAwfL+BsskdwY0ZuW
+9TOzkeZtgU5qy9IbN6liouEMliO660q1sb+OxQFP8pVIS3xt9mD2IE4W3hP9aZyF
+JHUZPizwF+HvspR8oMV4R7JI4gexBwnMVeu4HVu+ayY2udQvr2DNxQNHM66zClPo
+7G67rblH6IfCOrOieqIVvYrbJQuSZip4npnQyXVXzg/wQ6CGu0k4E8wF1xHFYKAO
+LGWK8uUxffC1ITEfNMaSs/3AKMuqBsJcDXYYe4yq4lJYxSfwXbu+G6aqOgHYAe7p
+LBQgl5Dn19r/7zKRLJTK4eJ0ah8bnWWTU9FcHAJbqKFYK6DW+syqFYinXfwt9AQI
+g0w5apgPm/B3PX0wKiabci8c4AZ6n2JVWvI9sJkhcL5t93JS9uBsgxzc3Hv4nu3E
+zD1Skp648In+oQ+6xuDmIuEuu8xIhGwU3jhJeIiTZwX54wj35v/gNLU2sH1hK/90
+vyJcZClmpGDsOu/vHeKPSfP29MEzlahA5dZS0DDkt58
+-> ssh-ed25519 7eGqHw AJlmB4Up3Zs4gNdfRRt8zZ5r1M8DcXSdj7B09VUlYCk
+Vteh5QnSqhIrXm10zdOjP+Lhm3qwABqGgQFHfrnrjH4
+-> ssh-rsa tO3rGg
+VPAsazrTmffI7Y0LOsLwAoeOtz9lnDm3vYTDcFi8DoJcHsXDh2cYib1hET4noWLf
+gFQiP30rNKTvkBDeThdH5opyZbO9BfDX1IgJo5Fm7yO3LdSWB44fL3Mn8HoMKGkn
+d6TKM0ZxDZAkApTMcKHjHlcnWgy5sGxW0pHDnBvCCqsQHqRywcGDZTVhmxshLxQw
+giQo3ZI8fzD436bY+rWYJtqWKcOnBLGEiFoWJr9qfLcG2FwB0xLppfX7S6htLQpn
+btqafMtA8HgGVkVGC+uADqghPGzO/rN/z571xvZ6F4GyeB1/2RbVX62N4jN8FlPc
++6UWe3kgxM9cOedpwYPqte3gIETWBxlfpspOfVaRv6qMx6ZM1mPsP1qTpQNUabm2
+2Ale/EkLnfYzwXmaiql0/oEuqq7Dp806XP5AcKxZHNUJeZHRdqOUHGCNJzfAO3H4
+uazZGDtZR+pSq0QwEZqp1GoodtzCbBnbko5ZwVYXIXc1gSbwvP6ZW/5HiPEM0jaM
+
+--- TXLi+4AqW9L3grKPVMBDb75OHyjatQzBxUlI4Xe1eMw
+ÛÞÁ }ccn‡ó…¹'Ï’F¥At«5ËT Æµ –E]Òx7írÑ|kô§ÿµI°mÅ‹¼ú×%‚}’´¿‰¬#=J.
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5cd11d0..7c5f8d4 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,4 +7,6 @@ in
 {
   "matrix-synapse.age".publicKeys = pubkeys;
   "teslamate.age".publicKeys = pubkeys;
+  "nextcloud-admin.age".publicKeys = pubkeys;
+  "nextcloud-database.age".publicKeys = pubkeys;
 }