diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..44cfe5f
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,20 @@
+keys:
+ - &jo age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
+ - &absolutesolver age1ajkq0lalyc75tjhdtpx2yshw5y3wt85fwjy24luf69rvpavg33vqw6c3tc
+creation_rules:
+ - path_regex: secrets/[^/]+\.(yaml|json|env|ini|cfg)$
+ key_groups:
+ - age:
+ - *jo
+ - *absolutesolver
+
+ - path_regex: systems/[^/]+/absolutesolver/secrets/.*\.(yaml|env|json|ini|cfg)$
+ key_groups:
+ - age:
+ - *jo
+ - *absolutesolver
+
+ - path_regex: systems/[^/]+/puzzlevision/secrets/.*\.(yaml|env|json|ini|cfg)$
+ key_groups:
+ - age:
+ - *jo
diff --git a/README.md b/README.md
index 6caf191..00e635a 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,30 @@ you may use the following command to build a VM.
 sudo nixos-rebuild build-vm --flake .#hostname --accept-flake-config
 ```
 
+## 🔑 Secrets Management
+Secrets are managed by the [sops-nix](https://github.com/Mic92/sops-nix) nixos/home-manager modules respectively.
+
+- General secrets are stored within the `secrets` directory.
+- System specific secrets are stored within their respective `systems///secrets` directory.
+
+The following command may be used to convert the SSH host key of a new machine to an age key:
+
+```sh
+nix-shell -p ssh-to-age --run 'ssh-keyscan example.com | ssh-to-age'
+```
+
+Additionally, the following command may be used to create a new sops secret file:
+
+```sh
+nix-shell -p sops --run "sops secrets/example.yaml"
+```
+
+Lastly, when adding new systems, make sure to update any required secret files with the following command:
+
+```sh
+nix-shell -p sops --run "sops updatekeys secrets/example.yaml"
+```
+
 ## 📝 Goals and improvements
 
 The main goals of this rewritten flake are:
diff --git a/flake.nix b/flake.nix
index 82baf98..3787ddf 100644
--- a/flake.nix
+++ b/flake.nix
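Review bot: The first creation rule's `path_regex: secrets/[^/]+\.(yaml|json|env|ini|cfg)$` is not anchored at the start of the path, so it also matches a system-specific file such as `systems/<host>/puzzlevision/secrets/example.yaml` (constructed example), and because sops applies the first matching rule, the puzzlevision rule that encrypts only to `*jo` is never selected for such files — they are encrypted to `*absolutesolver` as well. Anchoring the general rule, `path_regex: ^secrets/[^/]+\.(yaml|json|env|ini|cfg)$`, or placing it after the system-specific rules, makes the intended recipient set take effect; the same ordering issue applies to the absolutesolver rule, where it is harmless only because both rules list the same keys. Separately, the puzzlevision rule lists no key for that host, so if puzzlevision is expected to decrypt its own secrets at activation time via sops-nix, its host-derived age key needs to be added there.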
@@ -19,6 +19,7 @@
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 easy-hosts.url = "github:tgirlcloud/easy-hosts";
+ sops-nix.url = "github:Mic92/sops-nix";
 
 flake-parts = {
 url = "github:hercules-ci/flake-parts";
diff --git a/modules/flake/systems.nix b/modules/flake/systems.nix
index ea6523e..97be68f 100644
--- a/modules/flake/systems.nix
+++ b/modules/flake/systems.nix
@@ -16,6 +16,7 @@
 modules = (lib.optionals (class == "nixos") [
 inputs.home-manager.nixosModules.default
+ inputs.sops-nix.nixosModules.sops
 ]) ++ (self.lib.dirToModuleList ../${class}); # Import modules based on current classname.
 };
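Review bot: The new `sops-nix.url` input declares no `inputs.nixpkgs.follows`, so sops-nix pulls its own nixpkgs revision into the lockfile and its packages are evaluated against a second nixpkgs instead of the one pinned on the line above. The neighbouring `flake-parts` input is written as an attribute set, presumably to set such follows, and sops-nix should match that shape: `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `inputs` block continues outside the hunk.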
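Review bot: The sops-nix module is added only inside `lib.optionals (class == "nixos")`, so a home-manager class built through this same module list receives no sops module, while the README added in this commit states that secrets are handled by the sops-nix nixos and home-manager modules respectively. If home-manager configurations are meant to consume sops secrets, the home-manager branch needs `inputs.sops-nix.homeManagerModules.sops` as well; otherwise the README wording should be narrowed to NixOS. The enclosing `modules =` expression and the attribute set around it extend beyond the hunk.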