diff --git a/modules/system/sops.nix b/modules/system/sops.nix
new file mode 100644
index 0000000..73db33a
--- /dev/null
+++ b/modules/system/sops.nix
@@ -0,0 +1,22 @@
+{ pkgs, config, lib, inputs ... }:
+
+{
+ imports =[ inputs.sops-nix.nixosModules.sops ];
+
+ options = {
+ modules.system.sops.enable = lib.mkEnableOption "enables ssh";
+ };
+
+ config = lib.mkIf config.modules.system.sops.enable {
+ # enable and configure sops for secrets
+ sops.defaultSopsFile = ../../secrets/secrets.yaml;
+ sops.defaultSopsFormat = "yaml";
+
+ sops.age.keyFile = "/home/blake/.config/sops/age/keys.txt";
+
+ sops.secrets.example-key = { };
+ sops.secrets."tailscale_authkey" = {
+ owner = "root";
+ };
+ };
+}
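Review bot: `sops.age.keyFile` points at `/home/blake/.config/sops/age/keys.txt`, so the age identity that decrypts every system secret, including the root-owned `tailscale_authkey`, lives in a directory controlled by an unprivileged user account. Any process running as that user can read or replace it, and the module only works on hosts where that user exists. A root-only location keeps the trust boundary where `owner = "root"` implies it should be, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, or derive the identity from the host key with `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`. Separately, the argument set `{ pkgs, config, lib, inputs ... }:` is missing the comma before `...` and will not parse; it should read `{ pkgs, config, lib, inputs, ... }:`. The option text `"enables ssh"` looks copied from another module; something like `lib.mkEnableOption "sops-nix secret decryption"` would describe this one.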