diff --git a/flake.nix b/flake.nix
index b50d077..53e5f9e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -113,10 +113,10 @@
     }:
     flake-parts.lib.mkFlake { inherit inputs; } {
       imports = [
-        inputs.agenix-rekey.flakeModule
         inputs.pre-commit-hooks.flakeModule
         inputs.nix-topology.flakeModule
         inputs.treefmt-nix.flakeModule
+        ./nix/agenix-rekey.nix
         ./nix/devshell.nix
         ./nix/hosts.nix
       ];
diff --git a/hosts/common.nix b/hosts/common.nix
index 4160463..09a4711 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -6,7 +6,7 @@
 }:
 {
   imports = [
-    inputs.agenix.nixosModules.age
+    inputs.agenix.nixosModules.default
     inputs.home-manager.nixosModules.home-manager
     ../modules/nixos
     ../modules/nixos/impermanence.nix
diff --git a/nix/agenix-rekey.nix b/nix/agenix-rekey.nix
new file mode 100644
index 0000000..8bfa20e
--- /dev/null
+++ b/nix/agenix-rekey.nix
@@ -0,0 +1,29 @@
+{
+  inputs,
+  ...
+}:
+{
+  imports = [
+    inputs.agenix-rekey.flakeModule
+  ];
+
+  perSystem =
+    { config, ... }:
+    {
+      agenix-rekey.nixosConfigurations = inputs.self.nixosConfigurations;
+      devshells.default = {
+        commands = [
+          {
+            inherit (config.agenix-rekey) package;
+            help = "Edit, generate, and rekey secrets";
+          }
+        ];
+        env = [
+          {
+            name = "AGENIX_REKEY_ADD_TO_GIT";
+            value = "true";
+          }
+        ];
+      };
+    };
+}