diff --git a/cluster/secrets/forge-s3AccessKeyID.age b/cluster/secrets/forge-s3AccessKeyID.age deleted file mode 100644 index 1d3cdce..0000000 --- a/cluster/secrets/forge-s3AccessKeyID.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 NO562A 5NtIVE60zj6mR2+/2N0eS6lWTkddt3rsDWHZpNefLAo -5b8sLEf76HReLUuBcTVjTOnzjrVdwcxnG0TraO+eHww --> ssh-ed25519 5/zT0w RbikYmV32iG1QgMDiObNPV+GZOW35K6hbx2n2eLCvno -bXVeCmC2UpnTx8Udpx657mMGqRvYO7Gn53YwtW6NJEk --> ssh-ed25519 d3WGuA 4+sPg6CCmOxlJUls3qZpWvN+f2V4SHRXhrBxKQPQyho -z2TCvvpOZ8Nh4IQ0oPKD1yj0dP3rnLMzuvRpZxE2SSU ---- aj9laXQ3ccpGvhDpYIrpPzxfC4G6A5LdCkaWFSgUXUY -0žÜ¾K ÿWðúÉ=þ,nÃÑðŽ—½O{9Z±HÇN\—ûwšᇎ#›•Ù´gYÊD¬PåJÿÀ \ No newline at end of file diff --git a/cluster/secrets/forge-s3SecretAccessKey.age b/cluster/secrets/forge-s3SecretAccessKey.age deleted file mode 100644 index 5637d4d..0000000 Binary files a/cluster/secrets/forge-s3SecretAccessKey.age and /dev/null differ diff --git a/cluster/services/forge/default.nix b/cluster/services/forge/default.nix index 8f28ed4..4b591c9 100644 --- a/cluster/services/forge/default.nix +++ b/cluster/services/forge/default.nix @@ -14,8 +14,6 @@ owner = "forgejo"; }; dbCredentials.nodes = server; - s3AccessKeyID.nodes = server; - s3SecretAccessKey.nodes = server; }; }; @@ -24,7 +22,7 @@ in config.hostLinks.${host}.forge.url; garage = { - keys.forgejo = { }; + keys.forgejo.locksmith.nodes = config.services.forge.nodes.server; buckets.forgejo.allow.forgejo = [ "read" "write" ]; }; } diff --git a/cluster/services/forge/server.nix b/cluster/services/forge/server.nix index 3375f94..4e93211 100644 --- a/cluster/services/forge/server.nix +++ b/cluster/services/forge/server.nix @@ -23,6 +23,11 @@ in ]; }; + services.locksmith.waitForSecrets.forgejo = [ + "garage-forgejo-id" + "garage-forgejo-secret" + ]; + services.forgejo = { enable = true; package = depot.packages.forgejo; 
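Review bot: The switch to `keys.forgejo.locksmith.nodes` in cluster/services/forge/default.nix does not show whether the Garage key material itself changes, and that decides whether the deleted secrets still matter. `forge-s3AccessKeyID.age` and `forge-s3SecretAccessKey.age` remain in repository history, and the removed text file lists three ssh-ed25519 recipient stanzas; if the same access key ID and secret stay valid, those copies still wrap a live credential for a key with `read` and `write` on the `forgejo` bucket. I would confirm that the old key is revoked once the locksmith-delivered one is in use, and add a comment on the new line such as `# delivered to the forge server nodes via locksmith; no static copy is kept in cluster/secrets`.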
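Review bot: The secret names `"garage-forgejo-id"` and `"garage-forgejo-secret"` in the new `services.locksmith.waitForSecrets.forgejo` list in cluster/services/forge/server.nix are repeated as string literals in the later hunk of this file, inside the `/run/locksmith/...` paths under `secrets.storage`. The removed code took the paths from `secrets.s3AccessKeyID.path`, so a renamed secret presumably failed at evaluation; with literals, a mismatch between the wait list, the paths and the key name declared in default.nix would only show up when the service starts. Binding each name once, for example `s3Id = "garage-forgejo-id";` in the `let` that presumably precedes the `in` shown in the hunk header, and then writing `"/run/locksmith/${s3Id}"`, keeps the places in step. The enclosing attribute set starts and ends outside this hunk.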
@@ -73,8 +78,8 @@ in
 };
 secrets = {
 storage = {
- MINIO_ACCESS_KEY_ID = secrets.s3AccessKeyID.path;
- MINIO_SECRET_ACCESS_KEY = secrets.s3SecretAccessKey.path;
+ MINIO_ACCESS_KEY_ID = "/run/locksmith/garage-forgejo-id";
+ MINIO_SECRET_ACCESS_KEY = "/run/locksmith/garage-forgejo-secret";
 };
 };
 };
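Review bot: The hunk does not show which owner and mode the files under `/run/locksmith/` are created with, so it is not visible whether `garage-forgejo-secret` is readable only by the account that needs it. The age-managed secrets in default.nix set `owner = "forgejo"` on at least one entry, which suggests the consuming process does not run as root. I would confirm that the locksmith files are restricted to that user and document it next to the paths, e.g. `# written by locksmith at runtime; must be readable by the forgejo user only`. If the module resolves `secrets` in a helper unit rather than in the main service, it is also worth checking that the `waitForSecrets.forgejo` ordering added earlier in this file covers that unit. The `secrets` attribute set sits inside a block that starts outside this hunk.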