diff --git a/secrets/hass/secrets.age b/secrets/hass/secrets.age
new file mode 100644
index 0000000..188f082
Binary files /dev/null and b/secrets/hass/secrets.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1c7ffe9..6fb59d4 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -28,5 +28,7 @@ in {
   "paperless.age".publicKeys = [ felschr home-pc home-server ];
   "nextcloud/admin.age".publicKeys = [ felschr home-pc home-server ];
 
+  # home-server
   "home-server/hostKey.age".publicKeys = [ felschr home-server ];
+  "hass/secrets.age".publicKeys = [ felschr home-server ];
 }
diff --git a/services/home-assistant.nix b/services/home-assistant.nix
index 1caae38..2dff78d 100644
--- a/services/home-assistant.nix
+++ b/services/home-assistant.nix
@@ -116,4 +116,9 @@ in {
     };
     # configWritable = true; # doesn't work atm
   };
+
+  age.secrets.hass-secrets = {
+    file = ../secrets/hass/secrets.age;
+    path = "/var/lib/hass/secrets.yaml";
+  };
 }