diff --git a/hosts/web-2/radicale.nix b/hosts/web-2/radicale.nix
index 2aee3f3..d2936fd 100644
--- a/hosts/web-2/radicale.nix
+++ b/hosts/web-2/radicale.nix
@@ -1,6 +1,11 @@
-{ ... }:
+{ config, ... }:
 
 {
+  age.secrets.radicale-htpasswd = {
+    owner = "radicale";
+    group = "radicale";
+  };
+
   services.radicale = {
     enable = true;
     settings = {
@@ -9,7 +14,7 @@
       };
       auth = {
         type = "htpasswd";
-        htpasswd_filename = "/var/src/secrets/radicale/htpasswd";
+        htpasswd_filename = config.age.secrets.radicale-htpasswd.path;
         htpasswd_encryption = "bcrypt";
       };
       storage = {
diff --git a/hosts/web-2/secrets/radicale-htpasswd.age b/hosts/web-2/secrets/radicale-htpasswd.age
new file mode 100644
index 0000000..181070b
--- /dev/null
+++ b/hosts/web-2/secrets/radicale-htpasswd.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 HwR33w +w13fgMLBeHKig0VX67/mlhQb0EPSJAFTu//velYNRY
+irMedsePNfFFOYhKksrqLcLdNdYHMxFy4iTPneIOtWU
+-> ssh-ed25519 1nn+0Q KpFGP/y4zZ8E8Jut8Gpea1DLH6rXGKODLE3IPTbzOUo
+p28M4shr97sqqTBAxB1fQRNCj2E+xio3TboKZ/6smb8
+-> rXRB4)-grease
+t3CdM1EbN2yfSeKURCJRMTZ4w9FtXu6+Y8PWxo2RTV0fyv6XJdrq1jn1n4IflQLP
+CV3H9FlQp4Lg/bdqVZDqDoMJ6dprVWK4rACnF6/tRRkZR4Ndfk4JRRWtWBOfR/ax
+GWNb
+--- yNRoOEai4ypvo0uGZYI1q/qwzS4wIZFXQEGYcW+H/wc
+��	�Z�����e0���_��D@�Ε�>�[�KOQBuP�9TGg��(�9�p��Z@1�&RZ�O��C�p$kr��������lg!\�������=W׃�(�Vq
\ No newline at end of file