diff --git a/common/nix-settings.nix b/common/nix-settings.nix
index eb8555d..a83f77e 100644
--- a/common/nix-settings.nix
+++ b/common/nix-settings.nix
@@ -31,4 +31,9 @@ in
     # use all cores for building
     cores = 0;
   };
+  # TODO: manage access token with sops instead of manual deployment
+  # permissions: needs to be readable by the user invoking nix and root (for nix daemon)
+  nix.extraOptions = ''
+    !include /etc/nix/secrets.conf
+  '';
 }