diff --git a/hosts/server/secrets.nix b/hosts/server/secrets.nix index 9f439c6..c90b5e5 100644 --- a/hosts/server/secrets.nix +++ b/hosts/server/secrets.nix @@ -88,4 +88,17 @@ mode = "0400"; }; + age.secrets."vault-oidc-secret" = { + file = ../../secrets/vault-oidc-secret.age; + owner = "kanidm"; + group = "kanidm"; + mode = "0400"; + }; + + age.secrets."vault-secret-env" = { + file = ../../secrets/vault-secret-env.age; + owner = "vaultwarden"; + group = "vaultwarden"; + mode = "0400"; + }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f839cf6..3c4d101 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -22,4 +22,6 @@ in "forgejo-runner-token.age".publicKeys = users ++ systems; "kandim-admin.age".publicKeys = users ++ systems; "kandim-idmAdmin.age".publicKeys = users ++ systems; + "vault-secret-env.age".publicKeys = users ++ systems; + "vault-oidc-secret.age".publicKeys = users ++ systems; } diff --git a/secrets/vault-oidc-secret.age b/secrets/vault-oidc-secret.age new file mode 100644 index 0000000..752b97a Binary files /dev/null and b/secrets/vault-oidc-secret.age differ diff --git a/secrets/vault-secret-env.age b/secrets/vault-secret-env.age new file mode 100644 index 0000000..e5cfb4b --- /dev/null +++ b/secrets/vault-secret-env.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 Iy+0iw rpRn2BgDtK3p1tHofUH/nCEwRh4z7rjAwLbvbhCTSkg +6ZiVqx6pNZyYmhsDhZh3YG6+LKiRsnuWMfN8KzJLyhw +-> ssh-ed25519 ocqiLQ AguX30lc6+1ckV3ENiHhboGyNyf2pN0hqIytsTAjwz4 +rAGWhtuROHn8p0eAGEKS6Xp+PyYmpbw2EbdadbfJxt0 +--- WA9Zus5yXPXPD+TiHyUlEIqozmvhAxWQTE6s2olZ1fs +2*8ց3g E(+w[
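Review bot: The two new entries in `hosts/server/secrets.nix` carry no comment saying what each file holds or how they relate. From the names it looks like `vault-oidc-secret` (readable only by kanidm) and `vault-secret-env` (readable only by vaultwarden) may both contain the same OIDC client secret, once as a raw value and once inside an environment file; the encrypted contents are not visible here, so this needs confirming. If that is the case, a rotation that re-encrypts only one of the two files leaves the identity provider and the client with mismatched secrets, so a comment above the pair would help, e.g. `# OIDC client secret for vaultwarden: raw value for kanidm, env-file form for vaultwarden; rotate both together`. The attribute set these entries are added to starts outside the hunk.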
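Review bot: Both new rules in `secrets/secrets.nix` encrypt to `users ++ systems`, so every host key in `systems` can decrypt the vaultwarden environment file and the OIDC client secret, while the only consumer visible in this commit is `hosts/server/secrets.nix`. The definition of `systems` is outside the hunk, and the committed age header shows only two recipient stanzas, so the exposure may be small today; it widens without any change to these lines as soon as another host is appended to `systems`. Consider scoping these two files to the server's host key alone, e.g. `"vault-secret-env.age".publicKeys = users ++ [ <server-host-key> ];` (a placeholder for whatever the `let` block names that key), and the same for `"vault-oidc-secret.age"`.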