diff --git a/cluster/secrets/forge-dbCredentials.age b/cluster/secrets/forge-dbCredentials.age
deleted file mode 100644
index d16c2a2..0000000
--- a/cluster/secrets/forge-dbCredentials.age
+++ /dev/null
@@ -1,13 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 NO562A YQQrnpQI/qyEZugiRwsrPbW4oMYK/rlmRKAdD3JjYz4
-JRGFqNc4BVflfR4WUuEOym39IhZlUI778NtOFtxE8eY
--> ssh-ed25519 5/zT0w utH25Xa9WQK9hXbKWsEWK5LJtCbhjpDX6JaomxnRaCI
-2MfxxDjs0doUTVsGP9942rx1tyCYsDxhlDo1542BhKQ
--> ssh-ed25519 d3WGuA 6qD02cluQEBqEvupHf93Onlpv8QJJSl/bJm/XqyD+gQ
-bLz/ULSaIW6HnPXDKD5dxCbQWv0VC2R+E5wlj7VxOc0
--> Ovax-grease ^1$]}H G4 FpDF XKHkj{
-IVdVFYcVe9PoHCCqM3GG1pM6xgTZ5r8XWlkBjlQimgaDArotF4dPpsSTpyc
---- wdTYr6EpFPFsDJI0qQf74c6ce+v5ek6j+mgAx2CI9uI
-ÜA³×oÈð:±­‹`ÜVd±å(Kät:fk¼’}3*#MJšÁõ]ê,¤éÐÈÍ69i›l`ÛÆJKwAè8­y@Ýœ¯à+&ðÖ©s]ÅÓ–›Ç>~Ší„+Úô
-üÁ»qa©h( YÕeÇjýI•ê·/ð^å~Ý’wÊ
-ÆÜßÌZî!^þRˆéÿv­¾…ïk‹Êp»ÛPÌ)ýÌ†ÍpÓV5²FÎ„ÆÚÙÚÞhBÇ»ßb#Š´ùºãi”»¸9ìQy¹¾Êè‹}€ß	ƒ¬E}~ZHûjmyq{òxŠ–Éôß"”éÀ´C#šójÿÐ.ò§yÔ£¸v¦ÉÐòê<1“Œúâ¾ìßzâš#/êGñ?që
\ No newline at end of file
diff --git a/cluster/services/forge/default.nix b/cluster/services/forge/default.nix
index e8776d9..d4a5640 100644
--- a/cluster/services/forge/default.nix
+++ b/cluster/services/forge/default.nix
@@ -13,7 +13,6 @@
         nodes = server;
         owner = "forgejo";
       };
-      dbCredentials.nodes = server;
     };
   };
 
@@ -23,6 +22,14 @@
     forge.target = config.hostLinks.${host}.forge.url;
   };
 
+  patroni = config.lib.forService "forge" {
+    databases.forge = {};
+    users.forge.locksmith = {
+      nodes = config.services.forge.nodes.server;
+      format = "raw";
+    };
+  };
+
   garage = config.lib.forService "forge" {
     keys.forgejo.locksmith.nodes = config.services.forge.nodes.server;
     buckets.forgejo.allow.forgejo = [ "read" "write" ];
diff --git a/cluster/services/forge/server.nix b/cluster/services/forge/server.nix
index 54ccc4f..67b7a95 100644
--- a/cluster/services/forge/server.nix
+++ b/cluster/services/forge/server.nix
@@ -26,6 +26,7 @@ in
   services.locksmith.waitForSecrets.forgejo = [
     "garage-forgejo-id"
     "garage-forgejo-secret"
+    "patroni-forge"
   ];
 
   services.forgejo = {
@@ -39,7 +40,7 @@ in
       inherit (patroni) port;
       name = "forge";
       user = "forge";
-      passwordFile = secrets.dbCredentials.path;
+      passwordFile = "/run/locksmith/patroni-forge";
     };
     settings = {
       DEFAULT = {