diff --git a/modules/security/sys/sopsnix.nix b/modules/security/sys/sopsnix.nix
index 5148b9a..c5afc8c 100644
--- a/modules/security/sys/sopsnix.nix
+++ b/modules/security/sys/sopsnix.nix
@@ -5,6 +5,7 @@
     sops.defaultSopsFile = ../secrets/secrets.yaml;
     sops.age.sshKeyPaths = [];
     sops.gnupg.sshKeyPaths = [];
+    environment.variables.SOPS_AGE_KEY_FILE = "/var/lib/sops/root-keys/master-host.txt";
     sops.age.keyFile = "/var/lib/sops/root-keys/master-host.txt";
     systemd.tmpfiles.rules = [
       "d /var/lib/sops/root-keys 0700 root root -"