diff --git a/machines/storage01/garage.nix b/machines/storage01/garage.nix
index 85201de..280c100 100644
--- a/machines/storage01/garage.nix
+++ b/machines/storage01/garage.nix
@@ -1,4 +1,4 @@
-_:
+{ config, ... }:
 
 let
   host = "s3.dgnum.eu";
@@ -18,8 +18,6 @@ in {
 
       rpc_bind_addr = "[::]:3901";
       rpc_public_addr = "127.0.0.1:3901";
-      rpc_secret =
-        "a79e86c6fc0e0a02ff71fd3c6127887b6e029ea6e8ade6c3de1a0b7b09ad2873";
 
       s3_api = {
         s3_region = "garage";
@@ -33,13 +31,12 @@ in {
         index = "index.html";
       };
 
-      k2v_api = { api_bind_addr = "[::]:3904"; };
+       k2v_api.api_bind_addr = "[::]:3904"; 
 
-      admin = {
-        api_bind_addr = "0.0.0.0:3903";
-        admin_token = "KVGyC6SNrIwT4o9alxg7T1SWFs29vjev0AzLBwqchjo=";
-      };
+       admin.api_bind_addr = "0.0.0.0:3903"; 
     };
+
+    environmentFile = config.age.secrets."garage-environment_file".path;
   };
 
   systemd.services.garage.serviceConfig = {
diff --git a/machines/storage01/secrets/garage-environment_file b/machines/storage01/secrets/garage-environment_file
new file mode 100644
index 0000000..7b82d38
Binary files /dev/null and b/machines/storage01/secrets/garage-environment_file differ
diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix
index 408fec2..8bf7f5f 100644
--- a/machines/storage01/secrets/secrets.nix
+++ b/machines/storage01/secrets/secrets.nix
@@ -5,6 +5,7 @@ in
 
 lib.setDefault { inherit publicKeys; } [
   "forgejo-database_password_file"
+  "garage-environment_file"
   "lychee-environment_file"
   "peertube-secrets_file"
   "peertube-service_environment_file"