diff --git a/.sops.yaml b/.sops.yaml
index 67958a2..23fb51f 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,7 @@
 keys:
   - &personal age12h0ekuyvy244etehyeymz2pt9xxjv7hpe2revateje00xrzj95fqvp2r82
 creation_rules:
-  - path_regex: secrets.yaml$
+  - path_regex: .*secrets.yaml$
     key_groups:
     - age:
       - *personal
\ No newline at end of file
diff --git a/secrets.yaml b/secrets.yaml
index 46816c3..3e18b5a 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -20,6 +20,8 @@ forgejo_db_pass: ENC[AES256_GCM,data:/whBxapqWGNMynXCXVxrQv/XS6ivdTUE6YkuKZ2Rk9k
 postgresdb_admin_password: ENC[AES256_GCM,data:DopfWHTOAwihPa9+197pX3TE03dqWST/7+o=,iv:O9dzjYs9A1vBSp17Kyiz41KllUvpUORCmag0AYe8MNA=,tag:FS0v5us/ANMXweXrSIH2xQ==,type:str]
 murmur_welcome_message: ENC[AES256_GCM,data:k05ez0/raIbgBMu90NrAg5O1nkucDibQXdj8U+TXO3baH+fTexMZBfVqLvRkxQUp6P4tuTUiDaHORO1ezzF52Wfk9NjqMZyYowA62WRmqOoMh0cCUJKetMqly4/eS3/7kYoS9HJ0CP8ANpebUj0CiVBT0H4vNyg0pews3514dciVPN1++93II8IzSx+wXnivns/32ki0YmZrjhTREA==,iv:7scQhjy2uc0FL/26k3FbarA9Nm8GtQCqD7kod4lOlwM=,tag:wSm+6aodL+FD3L4C2+nzgg==,type:str]
 murmur_login_password: ENC[AES256_GCM,data:Fh6XjSxiLEP1jE56D9JRv0TokYOjEafeDkrh9/x5f+Rv4qgH18k54Le4dyl3EzNQ,iv:QbAPJx4xe2DT7AhXbOvQto4M6ICKVlJ/BXoP3ORjd4o=,tag:clHHTrQdi1bzA21gjY7mSg==,type:str]
+forgejo_runner_glucose_token: ENC[AES256_GCM,data:LV9fSGUqK3vn+uIk62CY3W0+9MzGuO2I+MwvqcP/wxzKxgz6q1Ytdw==,iv:fGGyFPuCc76qstvo/tfNciWBW5CNJIgb8CFvEcXBQl8=,tag:dJ1aTgHzrutryhKyPrBx+A==,type:str]
+forgejo_runner_fructose_token: null
 sops:
     kms: []
     gcp_kms: []
@@ -35,8 +37,8 @@ sops:
             NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/
             vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-22T06:13:57Z"
-    mac: ENC[AES256_GCM,data:vBEGgzmUZpc67qwPmXNW30IVFBrYNMxgZHF36D1igbivVKa+JFHYn/V4EQuKjREhbXAo9NJlCePz5j0JdDXH5IekZjIPzFlIG+ex9SVwSt60xilk0+k05tnMbNnid8L0lhmb3+pbzieyjPhiRYLjzMFsks5dtr5jTCrIp2JlULA=,iv:3LvtP1GTOfHh6wO90cYFb8GgHEJI0lp2cY3nSZ7Oqho=,tag:wUNfx7cubw2vtAKtUfgblw==,type:str]
+    lastmodified: "2024-11-26T10:14:26Z"
+    mac: ENC[AES256_GCM,data:apt7XQhL7LgHG3vhx4TM0TjoOemmo2XzFRa3BdmGpZ3qK3bIwaetxyD2+qnb25LOukjkyNTdf8rc8e6ALpepVBTENl+vK/iNwdlL5xGg3WZb7WiqnQ+8ZS/iZ0AY6xz83kbLZRsbqsgLTd7OU24Ds7FL+lSConpjxVkOvn5/Abo=,iv:/LKyr6eqjt16GLArlj4/2JKqyKSK3V6/vKMRCGJ+xrI=,tag:FX1elucFIRRsd2VrTCtnrw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.1
diff --git a/services/forgejo/runner.mod.nix b/services/forgejo/runner.mod.nix
index ba5e907..f7d8a37 100644
--- a/services/forgejo/runner.mod.nix
+++ b/services/forgejo/runner.mod.nix
@@ -10,7 +10,7 @@
             labels = [ ];
             name = config.networking.hostName;
             settings = { };
-            tokenFile = "";
+            tokenFile = config.sops.templates."forgejo_runner.env.secrets.yaml".path;
             url = "https://git.collective-conciousness.monster";
           };
         };
diff --git a/sops.mod.nix b/sops.mod.nix
index 83fb7f9..00e6142 100644
--- a/sops.mod.nix
+++ b/sops.mod.nix
@@ -33,6 +33,11 @@
       }
     )
   ];
+  sucrose.modules = [
+    ({
+      sops.secrets.forgejo-runner-token = { };
+    })
+  ];
   glucose.modules = [
     ({
       sops.secrets.binary-cache-secret = { };