diff --git a/home/modules/console/tools/ssh.nix b/home/modules/console/tools/ssh.nix
index 9631942..7f9c9ac 100644
--- a/home/modules/console/tools/ssh.nix
+++ b/home/modules/console/tools/ssh.nix
@@ -3,20 +3,21 @@ let
 inherit (lib) mkIf;
 cfg = config.ooknet.tools.ssh;
- admin = osConfig.ooknet.host.admin;
 in
 {
 config = mkIf cfg.enable {
 programs.ssh = {
 enable = true;
- extraConfig = /* config */''
- Host *
- IdentityAgent "~/.1password/agent.sock"
- '';
+ compression = true;
+ hashKnownHosts = true;
+ matchBlocks = {
+ "github.com" = {
+ user = "git";
+ hostname = "github.com";
+ identityFile = "${osConfig.age.secrets.github_key.path}";
+ };
+ };
 };
- programs.fish.interactiveShellInit = mkIf (admin.shell == "fish") /* fish */ ''
- set -gx SSH_AUTH_SOCK ~/.1password/agent.sock
- '';
 };
 }
diff --git a/nixos/modules/base/secrets.nix b/nixos/modules/base/secrets.nix
index 7250e21..84a7532 100644
--- a/nixos/modules/base/secrets.nix
+++ b/nixos/modules/base/secrets.nix
@@ -20,5 +20,11 @@ in
 group = "users";
 mode = "400";
 };
+ github_key = mkIf admin.homeManager {
+ file = "${self}/secrets/github_key.age";
+ path = "/home/${admin.name}/.ssh/github_key";
+ owner = "${admin.name}";
+ group = "users";
+ };
 };
 }
diff --git a/secrets/github_key.age b/secrets/github_key.age
new file mode 100644
index 0000000..a5ce29f
Binary files /dev/null and b/secrets/github_key.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index cd2875f..37c2ce5 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -5,4 +5,5 @@ in
 {
 "tailscale-auth.age".publicKeys = [ users.ooks] ++ workstations;
+ "github_key.age".publicKeys = [ users.ooks ] ++ workstations;
 }
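Review bot: The `"github.com"` match block in ssh.nix sets `identityFile` but not `identitiesOnly`, so ssh may still offer other keys from a running agent or the default identity files before this one. Adding `identitiesOnly = true;` to the block pins GitHub authentication to the agenix-managed key. `identityFile` also reads `osConfig.age.secrets.github_key.path`, which the NixOS side of this commit defines only under `mkIf admin.homeManager`, so evaluation presumably fails on a host that enables this module without that secret; a one-line comment naming that dependency would help. The enclosing `let` block begins above the hunk.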
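Review bot: `github_key` in nixos/modules/base/secrets.nix holds a private SSH key but sets no `mode`, unlike the entry just above it (`mode = "400";`), so its permissions rest on the agenix default. Adding `mode = "400";` makes the owner-read-only intent explicit and keeps the entries consistent. Because `path` points into `/home/${admin.name}/.ssh`, it is worth confirming that activation does not create `~/.ssh` as root when the directory is missing, since ssh expects the user to own it. The home directory is also hard-coded; `config.users.users.${admin.name}.home` would follow the account definition, if `config` is in scope here. The attribute set this entry belongs to starts above the hunk.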
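Review bot: `"github_key.age"` in secrets/secrets.nix is encrypted to `users.ooks` plus every host in `workstations`, so each workstation can decrypt the same GitHub private key and a compromise of any one host means rotating it for all of them. Together with the ssh.nix change in this commit, the key moves from an agent socket to a decrypted file on each machine. A per-host key (one `.age` file and one GitHub key entry per workstation) would limit the impact and allow revoking a single machine. If sharing is intentional, a comment such as `# shared GitHub auth key: rotate on any workstation compromise` next to the entry would record that decision.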