diff --git a/hosts/miniserver/configuration.nix b/hosts/miniserver/configuration.nix
index 2ee9748..d9539a4 100644
--- a/hosts/miniserver/configuration.nix
+++ b/hosts/miniserver/configuration.nix
@@ -182,7 +182,7 @@
 createHome = true;
 group = "nixremote";
 home = "/var/nixremote/";
- openssh.authorizedKeys.keys = [ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ];
+ openssh.authorizedKeys.keyFiles = [ ../../secrets/ssh/ed25519_nixworkstation.pub ];
 };
 };
 services = {
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index f5ceb38..94eb854 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -89,7 +89,7 @@
 createHome = true;
 group = "nixremote";
 home = "/var/nixremote/";
- openssh.authorizedKeys.keys = [ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ];
+ openssh.authorizedKeys.keys = [ ../../secrets/ssh/ed25519_nixworkstation.pub ];
 };
 };
 };
diff --git a/hosts/workstation/configuration.nix b/hosts/workstation/configuration.nix
index 6af4094..d3140f4 100644
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@@ -93,9 +93,9 @@
 createHome = true;
 group = "nixremote";
 home = "/var/nixremote/";
- openssh.authorizedKeys.keys = [
- (builtins.readFile ../../secrets/ssh/ed25519_nixserver.pub)
- (builtins.readFile ../../secrets/ssh/ed25519_nixminiserver.pub)
+ openssh.authorizedKeys.keyFiles = [
+ ../../secrets/ssh/ed25519_nixserver.pub
+ ../../secrets/ssh/ed25519_nixminiserver.pub
 ];
 };
 };
diff --git a/jawz.nix b/jawz.nix
index a981617..25007f7 100644
--- a/jawz.nix
+++ b/jawz.nix
@@ -5,6 +5,7 @@ in { sops.secrets = let + baseDir = ".ssh/ed25519"; keyConfig = file: { sopsFile = ./secrets/keys.yaml; owner = config.users.users.jawz.name;
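Review bot: In hosts/server/configuration.nix the new line still assigns to `openssh.authorizedKeys.keys` but now passes a bare path, while the miniserver and workstation hunks switch the same setting to `keyFiles`. `keys` takes key strings rather than files, so this host will most likely fail evaluation, or, if the path were coerced to a string, end up with a store path in place of a public key and leave nixremote without a usable authorized key. The line should read `openssh.authorizedKeys.keyFiles = [ ../../secrets/ssh/ed25519_nixworkstation.pub ];`. The enclosing user block starts above the hunk.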
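Review bot: `baseDir` in the first jawz.nix hunk is a file-name prefix rather than a directory: it holds `.ssh/ed25519` and the following hunk uses it as `"${baseDir}_age"` and `"${baseDir}_${hostName}"`. Because these strings are handed to `keyConfig` for the private-key secrets, a misleading name makes it easier for a later edit to join it with `/` and place a key at an unintended path. A name such as `keyPrefix = ".ssh/ed25519";` says what it is; alternatively keep `baseDir = ".ssh";` and write `"${baseDir}/ed25519_age"`. The `let` block and the body of `keyConfig` continue outside the hunk.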
@@ -14,10 +15,10 @@ in
 in
 {
 jawz-password.neededForUsers = true;
- "private_keys/age" = keyConfig ".ssh/ed25519_age";
- "public_keys/age" = keyConfig ".ssh/ed25519_age.pub";
- "private_keys/${hostName}" = keyConfig ".ssh/ed25519_${hostName}";
- "git_private_keys/${hostName}" = keyConfig ".ssh/ed25519_git";
+ "private_keys/age" = keyConfig "${baseDir}_age";
+ "public_keys/age" = keyConfig "${baseDir}_age.pub";
+ "private_keys/${hostName}" = keyConfig "${baseDir}_${hostName}";
+ "git_private_keys/${hostName}" = keyConfig "${baseDir}_git";
 "syncthing_keys/${hostName}" = keyConfig ".config/syncthing/key.pem";
 "syncthing_certs/${hostName}" = keyConfig ".config/syncthing/cert.pem";
 };
@@ -64,13 +65,13 @@ in
 "libvirt"
 "rslsync"
 ];
- openssh.authorizedKeys.keys = [
- (builtins.readFile ./secrets/ssh/ed25519_deacero.pub)
- (builtins.readFile ./secrets/ssh/ed25519_workstation.pub)
- (builtins.readFile ./secrets/ssh/ed25519_server.pub)
- (builtins.readFile ./secrets/ssh/ed25519_miniserver.pub)
- (builtins.readFile ./secrets/ssh/ed25519_galaxy.pub)
- (builtins.readFile ./secrets/ssh/ed25519_phone.pub)
+ openssh.authorizedKeys.keyFiles = [
+ ./secrets/ssh/ed25519_deacero.pub
+ ./secrets/ssh/ed25519_workstation.pub
+ ./secrets/ssh/ed25519_server.pub
+ ./secrets/ssh/ed25519_miniserver.pub
+ ./secrets/ssh/ed25519_galaxy.pub
+ ./secrets/ssh/ed25519_phone.pub
 ];
 };
 }
diff --git a/secrets/keys.yaml b/secrets/keys.yaml
index fbf1b28..1745d1c 100644
--- a/secrets/keys.yaml
+++ b/secrets/keys.yaml
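Review bot: The `keyFiles` list in the third jawz.nix hunk carries no comment saying which device owns each of the six keys, or that the list is the whole set of clients allowed to log in as this user. Presumably the file is shared between hosts, in which case every entry grants access on each of them, including the `phone` and `galaxy` keys. A short comment above the list would make revocation obvious, for example `# One public key per file; each entry may log in as this user. Delete the entry when a device is lost or retired.`. The user definition starts outside the hunk.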
@@ -6,6 +6,7 @@ public_keys: miniserver: ENC[AES256_GCM,data:0aI1r2O3u5gBl1icg+pkf1hsReZgvG3aPZhljaYUJWlNtYeairmN6Vd7nUOMu8u4NoRQdLvZC/369p/4GR9WvNUyuELiWbep1TdkxP0hu/wlrFCFJSYwJsm8x0izXmwA,iv:/qmAMMy5obLbw/VZG8zyV4svCWptYfbKi3+Sc1t8O6Q=,tag:R6ylK8O3jqhMPZaBTsrgtg==,type:str] galaxy: ENC[AES256_GCM,data:9xjiz/tVn0UlZ9qb/Oi951WWVjmk6HTDjjYzB8kULKYhPJgVdlQioGdJtn3MjKCfqH0UnBZHXoGaK0MsShtfB0xfZkW92dy35KiQ9kQTBJn9LMMNxuk6IEqpWKQ=,iv:6lPWZ1iqerbWfU0UavvpFNtnsxOLkKHGsm3A/X5xUs0=,tag:8hVDlOIcCN590jEFuJ6eSw==,type:str] deacero: ENC[AES256_GCM,data:S0FKo5q+grXFBoe9c6ADDA2uGZ1/OMzGU2p3i2PPdhO34PT39ePa/O6yP9Z69RvpL2Ho9GfLlBOSxZa1KtrJecEUoJZBdHWZRhKtcc0EM+CsNHnX74T9a/+uz3IIeys36FPBv5nTs9a22QL/5Q==,iv:xfkLrkje8pv0sMSnTrPrM5fmkAiliiYbGplz1KYYmec=,tag:3D4bZpYUQ/Oq25vfSklZBw==,type:str] + phone: ENC[AES256_GCM,data:PvSqRnz2qGQU5kdZZpeqb3Eg2psLYrMoV/168CKMWpc1h5TZi7TeWkCQa6ktPR556NT4Ny2m6rBzADtYZkjFIKtDLXdhTYCeL2eFWB3VbSGFHsHgvxXHbae+zg==,iv:XGO9d0QZXbP7vuNDY4/Z/YhRCPKwj3RoQBx5daQO/xI=,tag:zayb0RYQj6UOi6FKJbhhRg==,type:str] private_keys: age: ENC[AES256_GCM,data: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,iv:coRTCK6BSI8QFtfjTg8IAdwumSt6fuQryTxF5g+GF9k=,tag:K06p6t3Gso30DTY/Nk5EDA==,type:str] workstation: ENC[AES256_GCM,data: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,iv:2+xsS/4+vfQ0UBsHgLVCeV6GOU8giclqNpPXoi43shE=,tag:YVSiY79mHJ2LE9Ab05VE1g==,type:str] 
@@ -73,8 +74,8 @@ sops: dklwODNxYVo4a2FaWDJFM0FnV1l3SlUKMnq/MAJRwR7iEri2KomPrMj0gTkMyhzH P5E4zheU7chJTAz5jf6iecyOvKAt6q5g9Q1MU0D6dkOcv2gzWSNAAw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-22T05:25:54Z" - mac: ENC[AES256_GCM,data:TvKDzS7B0q/e3/6x+TzNsOHtemBOS5BDXtHRa2IqgIVi10w/qjT+uMoc3i58IbrAylesSawP8adlxvBjAvjtEdFmiQGThyotXc7qSV1DFpFlizlt0f8JAFvGfdDjN05cUru6GQrwLZlqWy6WBhd8iTipyhrDqVSvaD4Ph/E12uU=,iv:opwU5cJb5WuonSY1wkqKGsn6hanGMgQ10tkstipT8+U=,tag:/7Kzr/WQxf5a30b4TOVzug==,type:str] + lastmodified: "2024-10-22T07:14:18Z" + mac: ENC[AES256_GCM,data:K3oC/OqRJyTZiCuTz/elzUjSl4sxjlkk3l9ePZ8ozTQQkXsbv/8f0uKFQwVnsErIxoKnpRhrxiQbeYFvXOIUH1ve3Bv6TDcGbFwmKZb9PTFaa/BT79+WYWkFNGk+WzExfOGf2lsSThtgqNUJhCPsdXOSbe1VLPYuKteo7/u55ys=,iv:kF1Yus8eXjkcQFy+sl3M01nJq4lWmNUyPB3Mxb37wGU=,tag:VkByqvYVmZVUXTEeHYorzA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1