diff --git a/hosts/tartarus/configuration.nix b/hosts/tartarus/configuration.nix
index 814b0a2..2bad20b 100644
--- a/hosts/tartarus/configuration.nix
+++ b/hosts/tartarus/configuration.nix
@@ -44,7 +44,6 @@
   hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
 
   environment.systemPackages = with pkgs; [
-    inputs.agenix.packages.x86_64-linux.default
     inputs.osbm-nvim.packages.x86_64-linux.default
     nixd
   ];
diff --git a/hosts/ymir/configuration.nix b/hosts/ymir/configuration.nix
index ebb1de6..ea87433 100644
--- a/hosts/ymir/configuration.nix
+++ b/hosts/ymir/configuration.nix
@@ -90,7 +90,6 @@
 
   environment.systemPackages = with pkgs; [
     nvidia-container-toolkit
-    inputs.agenix.packages.x86_64-linux.default
     inputs.osbm-nvim.packages.x86_64-linux.default
     nixd
   ];
diff --git a/modules/common-packages.nix b/modules/common-packages.nix
index 30c558c..a7d4ac5 100644
--- a/modules/common-packages.nix
+++ b/modules/common-packages.nix
@@ -30,7 +30,6 @@
     lolcat
     cmatrix
     inxi
-    age
     jq
     onefetch
     just
diff --git a/modules/secrets.nix b/modules/secrets.nix
index 84fe2a2..73dcbbf 100644
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -1,17 +1,40 @@
 {
-  age.secrets = {
-    network-manager.file = ../secrets/network-manager.age;
-    ssh-key-private = {
-      file = ../secrets/ssh-key-private.age;
-      path = "/home/osbm/.ssh/id_ed25519";
-      owner = "osbm";
-      mode = "0600";
-    };
-    ssh-key-public = {
-      file = ../secrets/ssh-key-public.age;
-      path = "/home/osbm/.ssh/id_ed25519.pub";
-      owner = "osbm";
-      mode = "0644";
+  config,
+  pkgs,
+  inputs,
+  lib,
+  ...
+}: {
+  options = {
+    myModules.enableSecrets = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable agenix secrets management";
     };
   };
+
+  config = lib.mkMerge [
+    (lib.mkIf config.myModules.enableSecrets {
+      environment.systemPackages = with pkgs; [
+        inputs.agenix.packages.x86_64-linux.default
+        age
+      ];
+
+      age.secrets = {
+        network-manager.file = ../secrets/network-manager.age;
+        ssh-key-private = {
+          file = ../secrets/ssh-key-private.age;
+          path = "/home/osbm/.ssh/id_ed25519";
+          owner = "osbm";
+          mode = "0600";
+        };
+        ssh-key-public = {
+          file = ../secrets/ssh-key-public.age;
+          path = "/home/osbm/.ssh/id_ed25519.pub";
+          owner = "osbm";
+          mode = "0644";
+        };
+      };
+    })
+  ];
 }