diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix
index 9175f92..be11d05 100644
--- a/hosts/boreal/default.nix
+++ b/hosts/boreal/default.nix
@@ -9,6 +9,8 @@
 ./hardware-configuration.nix
 ./home.nix
+
+ ./secrets.nix
 ];
 boot.kernelPackages = pkgs.linuxPackages_latest;
diff --git a/hosts/boreal/secrets.nix b/hosts/boreal/secrets.nix
new file mode 100644
index 0000000..65d91d1
--- /dev/null
+++ b/hosts/boreal/secrets.nix
@@ -0,0 +1,19 @@
+{ config, lib, options, ... }:
+
+{
+ config.age = {
+ secrets =
+ let
+ toSecret = name: { ... }@attrs: {
+ file = ./../../modules/secrets + "/${name}.age";
+ } // attrs;
+ in
+ lib.mapAttrs toSecret {
+ "restic-backup/boreal-credentials" = {};
+ "restic-backup/boreal-password" = {};
+
+ "users/alarsyo-hashed-password" = {};
+ "users/root-hashed-password" = {};
+ };
+ };
+}
diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix
index ef8f38a..641e414 100644
--- a/hosts/zephyrus/default.nix
+++ b/hosts/zephyrus/default.nix
@@ -8,6 +8,7 @@
 [ # Include the results of the hardware scan.
 ./hardware-configuration.nix
 ./home.nix
+ ./secrets.nix
 ];
 boot.kernelPackages = pkgs.linuxPackages;
diff --git a/hosts/zephyrus/secrets.nix b/hosts/zephyrus/secrets.nix
new file mode 100644
index 0000000..125bd3f
--- /dev/null
+++ b/hosts/zephyrus/secrets.nix
@@ -0,0 +1,19 @@
+{ config, lib, options, ... }:
+
+{
+ config.age = {
+ secrets =
+ let
+ toSecret = name: { ... }@attrs: {
+ file = ./../../modules/secrets + "/${name}.age";
+ } // attrs;
+ in
+ lib.mapAttrs toSecret {
+ "restic-backup/zephyrus-credentials" = {};
+ "restic-backup/zephyrus-password" = {};
+
+ "users/alarsyo-hashed-password" = {};
+ "users/root-hashed-password" = {};
+ };
+ };
+}
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 06636db..dc5d2c9 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
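Review bot: `toSecret` in hosts/boreal/secrets.nix sets only `file` and no `owner`, unlike the helper this commit removes from modules/secrets/default.nix (`owner = lib.mkDefault (userIfExists owner)`), so every secret listed here, including both hashed-password files, is created with agenix's default ownership unless a host passes `owner` through `attrs`; that is presumably intended, but it deserves a comment such as `# no owner set on purpose: secrets stay root-owned (agenix default); pass owner via attrs for a service that runs as its own user`. The module header `{ config, lib, options, ... }:` binds `config` and `options` without using either, so `{ lib, ... }:` is sufficient. The header and helper are duplicated byte-for-byte in hosts/zephyrus/secrets.nix (only the restic entry names differ); since the shared module is losing its own helper in the same commit, one definition there, taking the per-host attribute set, would keep the `modules/secrets/<name>.age` path convention in a single place. The path can also be written `../../modules/secrets` without the leading `./`.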
@@ -2,21 +2,6 @@
 {
 config.age = {
- secrets =
- let
- toName = lib.removeSuffix ".age";
- userExists = u: builtins.hasAttr u config.users.users;
- # Only set the user if it exists, to avoid warnings
- userIfExists = u: if userExists u then u else "root";
- toSecret = name: { owner ? "root", ... }: {
- file = ./. + "/${name}";
- owner = lib.mkDefault (userIfExists owner);
- };
- convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v);
- secrets = import ./secrets.nix;
- in
- lib.mapAttrs' convertSecrets secrets;
-
 identityPaths = options.age.identityPaths.default ++ [ "/home/alarsyo/.ssh/id_ed25519" ];