diff --git a/modules/programs/nix.nix b/modules/programs/nix.nix
index c0807ce..c98c643 100644
--- a/modules/programs/nix.nix
+++ b/modules/programs/nix.nix
@@ -44,12 +44,17 @@ in
       nix = config.nix.package;
     };
 
+    age.secrets.nix-github-token.file = ../../secrets/nix-github-token.age;
+
     nix = {
       nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
 
       package = pkgs.nix;
 
-      extraOptions = "experimental-features = nix-command flakes";
+      extraOptions = ''
+        !include ${config.age.secrets.nix-github-token.path}
+        experimental-features = nix-command flakes
+      '';
 
       gc = {
         automatic = cfg.gc.enable;
diff --git a/secrets/nix-github-token.age b/secrets/nix-github-token.age
new file mode 100644
index 0000000..0a2a81e
--- /dev/null
+++ b/secrets/nix-github-token.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 CjuqfA H1gL8k/o7kvJoVEZ0UrbUv1G7Ceb3cUCIVFhch9rDhc
+0531muHlievVhT5piGLXC+/zOymCkPM9P9csRxLsnpM
+-> ssh-ed25519 wG6LYg Z9cm/TUZbV35tzgHywx1AHmF8jrFFqBl3sCIELEvcH0
+OmLY/ThgZ4f8CFFA5YpYFiRK+ro7cBqoFY6UY7/VS8I
+-> ssh-ed25519 ZYd7Zg xpjSILAYRyQ4kkbdLAVJQXChX+t/DeL3qWWJae2sczI
+wamYh70/AGSh5j4uqsPFTvn36E3TmGoVL8XlxbSfX9g
+--- NNsTU7Fsi/WLegSpkuoNaxN0kFQG38mgdhCQ8y+CSQE
+v��"���F
+�=��r�az�6h��Q�N�&Dpv�G�XQ$d7t�݈El�I��X��YrV'����)J¬�H�ɦ�ڃ?f��W�H_ԮԱ��"
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e82d844..197c70b 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -28,4 +28,5 @@ in
   "exercism.age".publicKeys = personal;
   "openai.age".publicKeys = personal;
   "anthropic.age".publicKeys = personal;
+  "nix-github-token.age".publicKeys = personal;
 }