diff --git a/home-manager/alacritty/config.nix b/home-manager/alacritty/config.nix
deleted file mode 100644
index 997a629..0000000
--- a/home-manager/alacritty/config.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-pkgs: config:
-{
-  # Gruvbox theme (https://github.com/alacritty/alacritty-theme/blob/master/themes/gruvbox_dark.yaml)
-  colors = {
-    primary = {
-      background = "0x282828";
-      foreground = "0xebdbb2";
-    };
-
-    normal = {
-      black = "0x282828";
-      red = "0xcc241d";
-      green = "0x98971a";
-      yellow = "0xd79921";
-      blue = "0x458588";
-      magenta = "0xb16286";
-      cyan = "0x689d6a";
-      white = "0xa89984";
-    };
-
-    bright = {
-      black = "0x928374";
-      red = "0xfb4934";
-      green = "0xb8bb26";
-      yellow = "0xfabd2f";
-      blue = "0x83a598";
-      magenta = "0xd3869b";
-      cyan = "0x8ec07c";
-      white = "0xebdbb2";
-    };
-  };
-
-  font = {
-    normal = {
-      family = "Hack Nerd Font Mono";
-      style = "Regular";
-    };
-
-    bold = {
-      family = "Hack Nerd Font Mono";
-      style = "Bold";
-    };
-
-    italic = {
-      family = "Hack Nerd Font Mono";
-      style = "Italic";
-    };
-
-    bold_italic = {
-      family = "Hack Nerd Font Mono";
-      style = "Bold Italic";
-    };
-  };
-
-  shell = {
-    program = "${pkgs.bash}/bin/bash";
-    args = [
-      "--login"
-      "-c"
-      "${config.programs.tmux.package}/bin/tmux"
-    ];
-  };
-}
diff --git a/home-manager/alacritty/default.nix b/home-manager/alacritty/default.nix
deleted file mode 100644
index 97fff22..0000000
--- a/home-manager/alacritty/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, config, ... }:
-{
-  config = {
-    programs.alacritty = {
-      enable = true;
-      settings = import ./config.nix pkgs config;
-    };
-  };
-}
diff --git a/home-manager/keepassxc/config.nix b/home-manager/keepassxc/config.nix
deleted file mode 100644
index 0c574a2..0000000
--- a/home-manager/keepassxc/config.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- General = {
-   ConfigVersion = 2;
- };
-
- Browser = {
-   CustomProxyLocation = "";
-   Enabled = true;
- };
-
- GUI = {
-   MinimizeOnClose = true;
-   MinimizeOnStartup = true;
-   ShowExpiredEntriesOnDatabaseUnlock = false;
-   ShowTrayIcon = true;
-   TrayIconAppearance = "monochrome-light";
- };
-
- PasswordGenerator = {
-   AdditionalChars = "";
-   ExcludedChars = "";
- };
-
- SSHAgent = {
-   Enabled = true;
- };
-
- Security = {
-   ClearClipboardTimeout = 30;
-   ClearSearch = false;
-   EnableCopyOnDoubleClick = true;
- };
-}
diff --git a/home-manager/keepassxc/default.nix b/home-manager/keepassxc/default.nix
index b3a015c..8a560dd 100644
--- a/home-manager/keepassxc/default.nix
+++ b/home-manager/keepassxc/default.nix
@@ -1,8 +1,11 @@
-{ pkgs, lib, ...}:
+{ pkgs, config, ...}:
 
 {
   config = {
     home.packages = [ pkgs.keepassxc ];
-    xdg.configFile."keepassxc/keepassxc.ini".text = lib.generators.toINI {} (import ./config.nix);
+    homeage.file."keepassxc.ini" = {
+      source = ../../secrets/keepassxc.ini.age;
+      symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
+    };
   };
 }
diff --git a/nixos/default.nix b/nixos/default.nix
index 09838af..a9cae4f 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, ... }: {
+{ pkgs, config, lib, ... }: {
   imports = [
     ./hardware-configuration.nix
   ];
@@ -10,6 +10,8 @@
   time.timeZone = "Europe/Amsterdam";
   i18n.defaultLocale = "en_US.UTF-8";
 
+  services.gnome.gnome-keyring.enable = lib.mkForce false;
+
   services = {
     xserver = {
       enable = true;
@@ -65,17 +67,21 @@
 
   system.stateVersion = "23.05";
 
-  programs.ssh.knownHosts = {
-    dmz = {
-      hostNames = ["*.dmz"];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
-      certAuthority = true;
-    };
+  programs.ssh = {
+    startAgent = true;
 
-    hypervisors = {
-      hostNames = ["*.hyp"];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
-      certAuthority = true;
+    knownHosts = {
+      dmz = {
+        hostNames = ["*.dmz"];
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
+        certAuthority = true;
+      };
+
+      hypervisors = {
+        hostNames = ["*.hyp"];
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
+        certAuthority = true;
+      };
     };
   };
 
diff --git a/secrets/keepassxc.ini.age b/secrets/keepassxc.ini.age
new file mode 100644
index 0000000..244daf4
Binary files /dev/null and b/secrets/keepassxc.ini.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index d38e33a..7b8f80f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -14,4 +14,5 @@ in
   "common-pg-tfbackend.age".publicKeys = publicKeys;
   "ansible-vault-secret.age".publicKeys = publicKeys;
   "powerdns-api-key.json.age".publicKeys = publicKeys;
+  "keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file.
 }