diff --git a/boxes/aristotle/agenix.nix b/boxes/aristotle/agenix.nix
new file mode 100644
index 0000000..c8eeb2b
--- /dev/null
+++ b/boxes/aristotle/agenix.nix
@@ -0,0 +1,12 @@
+{ machines, ... }:
+{
+  age = {
+    secrets = {
+      nm-home-net-config = {
+        file = ../../secrets/nm-home-net-config.age;
+        path = "/etc/NetworkManager/system-connections/main.nmconnection";
+      };
+    };
+    identityPaths = [ "/home/usr/.ssh/id_ed25519" ];
+  };
+}
diff --git a/boxes/aristotle/default.nix b/boxes/aristotle/default.nix
index 47a853b..8d34ddf 100644
--- a/boxes/aristotle/default.nix
+++ b/boxes/aristotle/default.nix
@@ -4,6 +4,7 @@
   imports = [
     ../../lappy-config
     ./paperless.nix
+    ./agenix.nix
     ./hardware-configuration.nix
   ];
 
diff --git a/secrets/nm-home-net-config.age b/secrets/nm-home-net-config.age
new file mode 100644
index 0000000..7c94abd
Binary files /dev/null and b/secrets/nm-home-net-config.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1d2f200..675fdac 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,4 +19,7 @@ in {
 
   # nextcloud
   "nextcloud-admin-passwd.age".publicKeys = all;
+
+  # networkmanager
+  "nm-home-net-config.age".publicKeys = with machines; [ copernicus.pubkey aristotle.pubkey ];
 }