diff --git a/hosts/plexy/default.nix b/hosts/plexy/default.nix
index 2e65ae9..1b33ca8 100644
--- a/hosts/plexy/default.nix
+++ b/hosts/plexy/default.nix
@@ -1,5 +1,5 @@
 {
-  inputs,
+  config,
   pkgs,
   ...
 }:
@@ -74,7 +74,9 @@
     age.sshKeyPaths = [ ];
     gnupg.sshKeyPaths = [ ];
 
-    secrets = { };
+    secrets = {
+      "vaultwarden.env" = { };
+    };
   };
 
   services = {
@@ -83,6 +85,19 @@
       settings.PasswordAuthentication = false;
       settings.PermitRootLogin = "no";
     };
+    vaultwarden = {
+      enable = true;
+      environmentFile = config.sops.secrets."vaultwarden.env".path;
+      config = {
+        WEBSOCKET_ENABLED = true;
+        SIGNUPS_ALLOWED = false;
+        SIGNUPS_VERIFY = false;
+        INVITATIONS_ALLOWED = false;
+        SHOW_PASSWORD_HINT = false;
+        DATA_FOLDER = "/var/lib/vaultwarden/data";
+        LOG_LEVEL = "warn";
+      };
+    };
   };
 
   environment.variables.EDITOR = "nvim";
diff --git a/hosts/plexy/secrets.yaml b/hosts/plexy/secrets.yaml
index 04753a0..4426045 100644
--- a/hosts/plexy/secrets.yaml
+++ b/hosts/plexy/secrets.yaml
@@ -1,4 +1,4 @@
-super_secret_api: ENC[AES256_GCM,data:k0iECBf6Q0eJ,iv:aZ9nNh7IMK4Ge/xgZblaO86ZEABBW/f8PJV+Kgj2Y0g=,tag:p9x7IsZYIfaa6hlzRPceQw==,type:str]
+vaultwarden.env: ENC[AES256_GCM,data:ycMVOAwz8mKnHJDeFufJLSeRl57BBg79KG4mEj5kgfHyRy6reJ7qbS/WzpMA2iM84U4gZtzbGB6q+3fFH3OxDamZavfS6Gy3YnLgv7mr2gODnZjtkhMXgF6Um92S9oAPXZ8wKnGWtNhGPNxu0/GT88qoYi1m+fvk/NxZofRiqlZP5KfNvafkL9e4wjxGZsLoJG3Oes4a414JeK6I2C9vcSmRa9mEVFVYqHTRvFbo1AMQXD0wOeOFEJ+QBXCjlXsstJo1+Q==,iv:Ru4oL974IcKtOdmmxRylTu/MO5HFJa8do5KeUSEmoqU=,tag:yrb3qeYHlYNFiCZjEX5PGA==,type:str]
 sops:
     age:
         - recipient: age1sqssntfzzlhcgp0wuf9wmeavg0hmwmq349npsq8vaxj9sxey5s9ssc82sw
@@ -10,7 +10,7 @@ sops:
             eDUxR1V0ZEFSYnZTYnYzakFydEliaFUKoa/gHecAy01vTk7I02KMGGPHZBql5K48
             hkLDjoWK9dkGRX8kqRd028cuMCQRenLpULEECWp6oV+evUdMf7wRtg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-30T13:57:31Z"
-    mac: ENC[AES256_GCM,data:OAa6W+v/eeuzSFKbiSzyUoFA40SHYDdhzMzTw35ytBGhfNJRPLNBKnQBnPE1fqkrcc+pQgjrOdhsz+V5EV+ze/7G69HADYxd/G4/zqK3+FyU7CBsNKpoCjXYTcEkBco8t76LEFefmE/BJcUm5JEBZ2Hudnkm50fdyQDIWlips+w=,iv:amKno6v2RUAKOM4Rh126T1RHomxU31MJwmbLkkHc7JU=,tag:/ddTFf1vp7THLK5kh57EzQ==,type:str]
+    lastmodified: "2025-12-30T18:30:45Z"
+    mac: ENC[AES256_GCM,data:wF6s7Ek1leVRL9jnAP4+2MQj1KqkfWBEg5u5sffc799ieeik8G6rvdSSbr4vHlfZhPCJ3KVo+hmPAMy5ckXKmImMc/AvvTUd0BR/N6jlELMB0xKCN9gzJdxfa5JHf7scnca+AK8T2WG0aV6yjGsjGg+WQQF+thMA8LPrXwmQ/1k=,iv:w1W2JWKjwyJr8AB3ZvkSshlCB8he/1YTOwX93ATOUDk=,tag:Quh/sa9sGOk4OKR/Lojp9w==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0