diff --git a/.sops.yaml b/.sops.yaml
deleted file mode 100644
index 825333b..0000000
--- a/.sops.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-keys:
- - &nerf age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
-
- - &nyarlathotep age1s99d0vlj5qlm287n98jratql5fypvjrxxal0k5jl2aw9dcc8kyvqw5yyt4
-
-creation_rules:
- - path_regex nixos/machines/nyarlathotep/.*
- key_groups:
- - age:
- *nerf
- *nyarlathotep
- # this is the catchall clause if nothing above machtes. Encrypt to users but not
- # to machines
- - key_groups:
- - age:
- *nerf
diff --git a/README.md b/README.md
index 26734c0..a09d76c 100644
--- a/README.md
+++ b/README.md
@@ -109,25 +109,3 @@ is imported as (`../../roles`) in every machine. Notable are the files `nixos/ro
 common admin accounts for these machines and `nixos/roles/nix_keys.nix` which contains the additional trusted keys for the nix store.
-## sops
-
-We are sharing secrets using [`sops`](https://github.com/getsops/sops) and [`sops-nix`](https://github.com/Mic92/sops-nix)
-As of right now we use only `age` keys.
-The machine keys are derived from their server ssh keys, that they generate at first boot.
-User keys are generated by the users.
-New keys and machines need entries into the `.sops.yaml` file within the root directory of this repo.
-
-To make a secret available on a given machine you need to do the following. Configure the following keys
-
-```
-sops.secrets.example-key = {
- sopsFile = "relative path to file in the repo containing the secrets (optional else the sops.defaultSopsFile is used)
- path = "optinal path where the secret gets symlinked to, practical if some programm expects a specific path"
- owner = user that owns the secret file: config.users.users.nerf.name (for example)
- group = same as user just with groups: config.users.users.nerf.group
- mode = "premission in usual octet: 0400 (for example)"
-```
-afterwards the secret should be available in `/run/secrets/example-key`.
-If the accessing process is not root it must be member of the group `config.users.groups.keys`
-for systemd services this can be archived by setting `serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];`
-it the service config.
diff --git a/flake.lock b/flake.lock
index 2ad8261..64650eb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -120,49 +120,11 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1694908564, - "narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "596611941a74be176b98aeba9328aa9d01b8b322", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "flake-parts": "flake-parts", "nixos-mailserver": "nixos-mailserver", - "nixpkgs": "nixpkgs", - "sops-nix": "sops-nix" - } - }, - "sops-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1695284550, - "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" + "nixpkgs": "nixpkgs" } }, "utils": {
diff --git a/flake.nix b/flake.nix
index 727dd91..d2c7384 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,10 +10,6 @@ nixpkgs.follows = ""; }; };
- sops-nix = {
- url = "github:Mic92/sops-nix";
- inputs.nixpkgs.follows = "nixpkgs";
- };
 }; outputs = inputs@{ flake-parts, ... }:
diff --git a/nixos/flake-module.nix b/nixos/flake-module.nix
index d82fbd4..cca5849 100644
--- a/nixos/flake-module.nix
+++ b/nixos/flake-module.nix
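Review bot: Removing the `sops-nix` input leaves nothing that defines the `sops.*` option tree, so any machine configuration under `nixos/machines/` that still sets `sops.secrets.*` or references `config.users.groups.keys` (the pattern the deleted README section prescribed) will now fail to evaluate; the `nixos/roles/default.nix` hunk in this commit only drops `sops.age.sshKeyPaths`, so such call sites are not visibly cleaned up here. The commit message is outside this view, so it is unclear whether a replacement secrets mechanism lands separately; a one-line comment in the `inputs` block such as `# no secrets input yet: sops-nix was removed, replacement tracked in <follow-up reference>` would record that. It is also worth checking that no sops-encrypted files remain in the tree, since `.sops.yaml` (the recipient list) is deleted and nothing documents how any leftovers are meant to be decrypted.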
@@ -2,15 +2,6 @@ # This automatically searches for nixos configs in ./machines/${name}/configuration.nix # and exposes them as outputs.nixosConfigurations.${name}
-#
-
-# a comment regarding pkgs.nixos vs lib.nixosSystem
-# while lib.nixosSystem is the usual enduser way to evaluate nixos configurations
-# in flakes, pkgs.nixos sets the package set to the packages it comes from.
-# This spares us tracking our potentiell overlays and own package additions, but just
-# using the right package set to begin with. Using lib.nixosSystem from the flake we would
-# need to specify that again.
-
 { withSystem, lib, inputs, ... }: { flake = { nixosConfigurations = withSystem "x86_64-linux" ({ pkgs, ... }:
@@ -20,7 +11,7 @@ pkgs.nixos { imports = [ (import (./. + "/machines/${name}/configuration.nix") inputs)
- inputs.sops-nix.nixosModules.sops
+ # inputs.secrets.nixosModules.default
 ]; }; in lib.genAttrs machines makeSystem);
diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix
index de4eb17..dcfab4f 100644
--- a/nixos/roles/default.nix
+++ b/nixos/roles/default.nix
@@ -25,8 +25,6 @@ users = { mutableUsers = false; };
-sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
 environment = { systemPackages = builtins.attrValues { inherit (pkgs)
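Review bot: The replacement line `# inputs.secrets.nixosModules.default` is commented-out code naming an input `secrets` that `flake.nix` does not declare (this commit removes `sops-nix` from `inputs` and adds nothing), so a reader cannot tell whether it is a plan or a leftover. Either drop it or make the intent explicit, e.g. `# TODO: import the secrets module here once a replacement flake input for sops-nix exists`, so nobody uncomments it against a non-existent input. The `makeSystem` binding this `imports` list belongs to starts outside the hunk.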