diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix
index 839b0ef..e4f9d81 100644
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -100,7 +100,7 @@
       ];
       listenPort = 51820;
       allowedIPsAsRoutes = false;
-      privateKeyFile = "/var/src/secrets/wireguard/wg-vpn";
+      privateKeyFile = config.age.secrets.wg-vpn.path;
     };
   };
 
diff --git a/hosts/gatekeeper/secrets/wg-vpn.age b/hosts/gatekeeper/secrets/wg-vpn.age
new file mode 100644
index 0000000..7cce97d
--- /dev/null
+++ b/hosts/gatekeeper/secrets/wg-vpn.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 HwR33w mc6hKfB2yixGjxjDoUlz5e+KQ9CdlTveXhecg+fnBz0
+PvS1xgw1EpHKjHyjnAQQ6bt5wZF42rE5TE/tNJ4KEKU
+-> ssh-ed25519 W4Oy+w Cfmoqb/Odb+XJECaXhm7yDqdOi0776l8I3rsZimfNkw
+86jSNwg/eKkxCvncnnVDwc6OZovXFMwLnqPeCtuWGHg
+-> c-grease nQ | u[<tiR5
+ZJfBhhmLf64ruvxrxxHtjSuZ00snW+w9
+--- f8ZhZlLEbwre1PYWOGu2rBVllDbDIjj7FmW8Jrq9EQM
+W*àË:§ºA˜Í2¢‹°¢Úú^�-'‹ÛÒ¦qé_©ì-ÂøWd+*EŽäƒ¿ÿÿ
GÊýY$ý©—t\b™Ï\Ô3º[}a}\âˆV3ïg
\ No newline at end of file