diff --git a/secrets.yaml b/secrets.yaml
index b17ac05..82e98c5 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -25,6 +25,7 @@ forgejo_runner_fructose_token: ENC[AES256_GCM,data:vExgJdEHpqzn6DAsMVnE2e3EmgehZ
 grafana_admin_account: ENC[AES256_GCM,data:kDj9o2cpRLmpRVwONBI=,iv:cQfeFhBAVMSysP43J+eDVKAmn1NM+aUN9huraGgpRkY=,tag:AFIr0pwRvHj8ruDAqc2Lww==,type:str]
 grafana_admin_pass: ENC[AES256_GCM,data:AnuVrCJcfj1cHP5W2s5eDlRLaJTOc0T7W3sS2/flnA==,iv:EA0SGXxf9kF+ltmNgcd3rGE7Jmg8/+s3Gip0uByEF9o=,tag:Rm+eSe+H1uytm/MMxMuZpw==,type:str]
 grafana_db_pass: ENC[AES256_GCM,data:2yVNv62go7Bxgmhoqx6J5WU=,iv:4VGAsT4WR0J/aNKUjts+rUIK5UR8OyHjCln4NXnS0LA=,tag:0KtbBFX+3+5fp6ekDSKGrw==,type:str]
+grafana_secret_key: ENC[AES256_GCM,data:w5wrktLlSo8iIfc+r4Rc+XGj5RuXLeRvtTc3iHeGBZclrl+PsjIKf70p,iv:b0NM55wvDCyAtuBebjBgu2Zxio9cPTkFSNusu7veC4o=,tag:3suBUO0tizxjepLgJ1e1mw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -40,8 +41,8 @@ sops:
             NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/
             vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-20T14:41:58Z"
-    mac: ENC[AES256_GCM,data:+F5UEx3OsmIV7eOXGiwYY51NN/5MY4Zejr54OX51p42m1PBohEiR0DhGygiqyNKLwYfX7eyCKehDeSl7+z/kcqTlc7999Fh8qI7ur+BdxtbQsoH35NWWW6V/q4MTlw7hLoHXqSrt4jw8B9nhEKTYbtMCYNRvxH+k+/OYEy5gn3I=,iv:ydbOr/KAe/TW4OCzrDNipi++BT5X583Ux31Q4KaGMG0=,tag:+Wo6C1zbyCqH4OykGHiBDQ==,type:str]
+    lastmodified: "2024-12-20T15:19:45Z"
+    mac: ENC[AES256_GCM,data:vDwQ9F9DgTAqdEjA5zDBR6v3ZCLM5VpZZoMpkrOC0baudVqPK7tt8IcyxgfESn9yJ/GGHwkHgmYvQSOSReEjwKtnMjoTjvAl41PBMwG1+5/c7nqliajk0Sx+znXxDoSIKac4XYlWp5J5myK+wln7pTwy0y7/CgKlsyhIOOxOKec=,iv:1hlEIE8rxk74mb6v8Z9wVel01mtF96eOwsPka2os5L8=,tag:PN4soo9Ko5PlUMbI9HeXow==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.2
diff --git a/services/monitoring/grafana.mod.nix b/services/monitoring/grafana.mod.nix
index e76f118..4778ed9 100644
--- a/services/monitoring/grafana.mod.nix
+++ b/services/monitoring/grafana.mod.nix
@@ -29,6 +29,7 @@
           security = {
             admin_user = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"];
             admin_password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"];
+            secret_key = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_secret_key.path}}"];
           };
           server = {
             root_url = "https://grf.collective-conciousness.monster";
diff --git a/sops.mod.nix b/sops.mod.nix
index 1f6c55f..e46ab03 100644
--- a/sops.mod.nix
+++ b/sops.mod.nix
@@ -58,9 +58,11 @@
       sops.secrets.grafana_admin_pass = {};
       sops.secrets.grafana_admin_account = {};
       sops.secrets.grafana_db_pass = {};
+      sops.secrets.grafana_secret_key = {};
       sops.secrets.grafana_admin_account.owner = "grafana";
       sops.secrets.grafana_admin_pass.owner = "grafana";
       sops.secrets.grafana_db_pass.owner = "grafana";
+      sops.secrets.grafana_secret_key.owner = "grafana";
     })
     (
       {config, ...}: {