diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..41db5f7
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+export SOPS_AGE_KEY_FILE=${HOME}/.config/sops/age/keys.txt
diff --git a/README.md b/README.md
index b48e6e0..ba97ae5 100644
--- a/README.md
+++ b/README.md
@@ -15,3 +15,14 @@ git clone https://github.com/cupcakearmy/nix-macos ~/.config/nix-darwin
 # Installation
 nix run nix-darwin -- switch --flake ~/.config/nix-darwin#mbp
 ```
+
+
+## Sops
+
+Secrets are managed by sops-nix
+
+```bash
+# To edit the secrets files
+nix shell nixpkgs#sops
+sops ./secrets/foo.yaml
+```
diff --git a/home/pkgs.nix b/home/pkgs.nix
index b53fa00..efe8196 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -20,6 +20,7 @@ with pkgs;
   woff2
   bat
   rsync
+  sops
   #bitwarden-cli
 
   # Dev
@@ -49,6 +50,7 @@ with pkgs;
   tectonic
   tex-fmt
   rustup
+  shfmt
 
   # Fonts
   nerd-fonts.jetbrains-mono