diff --git a/secrets.nix b/secrets.nix
index 2f7aa75..95e07bc 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -8,17 +8,18 @@ let
   vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey;
   systems = [hel1-a vno1-oh2];
 
-  mk = auth:
-    listToAttrs (
+  mk = auth: keyNames:
+    builtins.listToAttrs (
       map (keyName: {
-        name = key;
+        name = keyName;
         value = {publicKeys = auth;};
       })
-      keys
+      keyNames
     );
 in
   {}
   // mk ([hel1-a] ++ motiejus) [
+    "secrets/hel1-a/headscale/oidc_client_secret2.age"
     "secrets/hel1-a/borgbackup/password.age"
     "secrets/hel1-a/synapse/jakstys_lt_signing_key.age"
     "secrets/hel1-a/synapse/registration_shared_secret.age"
diff --git a/secrets/hel1-a/headscale/oidc_client_secret2.age b/secrets/hel1-a/headscale/oidc_client_secret2.age
new file mode 100644
index 0000000..57f0ed7
--- /dev/null
+++ b/secrets/hel1-a/headscale/oidc_client_secret2.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 vDjOfg jz7H8dAXkaJmMtiU0pZqbbAyH8ls1rp/EXB4uK+sy3Y
+kjuwJfVg487SwSoacVJ+gCW+A2xdrVSK68KMAlu7xnU
+-> X25519 QWggCwIAPPXvQujRNbFVJByU2E6715tGfMHWQ8c3xhY
+MEhNJuYeOfoGr0B1oTzBXplq5oTGz6CKuSt2McSZTpw
+-> piv-p256 +y2G/w A8QLUewPleBm7W05T1LODNvHxdUIjgVmOuyqiljmyH7M
+C1Ug1YcN0mcCcgMsXIq5mZkNNP8d7FCw8oAQOivHoWE
+-> piv-p256 jNqd3A AxZ7nMY31GeVSnFjRklcxrWA2wFJgj3ndDM+0aof7XG0
+BQl4VBR/5Elo+b4gtTtqiOtpmfbh0BhZnXI9nphcmiI
+-> >Y-grease X4W[ "h W@8'&0
+db5asa9gnAIJyUFnRA
+--- qw4PzG5ZRzpKRQlHYwKnGoqYNiRk3YNjEeKGz6rSh0I
+LYmWb~É–é0žºçŽ>Šé ÌÝ4¦†±Ãiâ,Xú‹'®2â˜lÎ©Ä$žØ®"V¿0!¹ž‹[†IfšžÐZZÕŽÄD*Eâðu¨ˆM±­_JêªŠ
\ No newline at end of file