diff --git a/.sops.yaml b/.sops.yaml
index 588f13a..784972b 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,6 +2,7 @@ keys:
 - &nerf age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
 - &gonne age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7
 - &daniel age1mmpdvzy6d23qyhrl55jtv3c25pus2wwfplx9tujmqps2xsreuv8qwc6gv5
+ - &totallynotadolphin age1m7l4x2zdgn7akgg5mkm9quen3u9sm0785tzm7vl000anuqrwwg6s5urenn
 - &bragi age1lqvgpmlemyg9095ujck64u59ma29656zs7a4yxgz4s6u5cld2ccss69jwe
 - &lobon age12nz7dtc0m5wasxm4r9crtkgwnzvauyfp0xh0n8z8jld0arn9ea9qe0agvn
@@ -14,6 +15,7 @@ creation_rules:
 - *nerf
 - *gonne
 - *daniel
+ - *totallynotadolphin
 - *nyarlathotep
 - path_regex: nixos/machines/bragi/.*
 key_groups:
@@ -21,6 +23,7 @@ creation_rules:
 - *nerf
 - *gonne
 - *daniel
+ - *totallynotadolphin
 - *bragi
 - path_regex: nixos/machines/lobon/.*
 key_groups:
@@ -28,6 +31,7 @@ creation_rules:
 - *nerf
 - *gonne
 - *daniel
+ - *totallynotadolphin
 - *lobon
 # this is the catchall clause if nothing above machtes. Encrypt to users but not
 # to machines
@@ -36,3 +40,4 @@ creation_rules:
 - *nerf
 - *gonne
 - *daniel
+ - *totallynotadolphin
diff --git a/nixos/roles/admins.nix b/nixos/roles/admins.nix
index 2719032..b3ae289 100644
--- a/nixos/roles/admins.nix
+++ b/nixos/roles/admins.nix
@@ -29,6 +29,15 @@ with lib; let
 "nix.mathebau.firespike.de-1:OmST0YGbAaBjPo5xSM5Bqwk6/W5o7B5CnW/NDr0NacI="
 ];
 };
+ totallynotadolphin = {
+ hashedPassword = "$y$j9T$7DJ8VXEx1oB1holOY5U5q1$rSeGtWxDCWeOLpqmmkxYe8DCnb6uowUWafMGODTPQL.";
+ sshKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRXBT1k40iWHwMVcStnV8jbpXbT3DXrwRURC+GkxEuc dolphin"
+ ];
+ nixKeys = [
+ "ocean.mathebau.de-1:G3Jz3mErIy8Mq8Ih+A5pbwDrx7vREcOpKgY8JCQ9dAk="
+ ];
+ }
 };
 mkAdmin = name: {
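Review bot: Existing encrypted files will not become readable to the new recipient from these edits alone, because the `- *totallynotadolphin` lines added to the `creation_rules` key groups (the hunks at -14, -21, -28 and -36, using the anchor defined in this first hunk) are only consulted when a file is created or re-keyed. No re-encrypted secret files are visible in this diff, so unless that happens in a separate commit, each existing file under the matching paths still needs `sops updatekeys <file>` run by a current recipient. Because the catch-all rule and every machine rule now include this recipient, the age public key is worth confirming with its owner over a second channel before merging. A short comment above the user anchors, such as `# human admins: can decrypt every secret; run sops updatekeys after changing this list`, would record both points for the next edit.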
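Review bot: The added `totallynotadolphin = { … }` entry closes with a bare `}` directly before the `};` that ends the enclosing set, so as shown the file should fail to parse; the closing line needs to be `};`, matching the entry above it. Separately, `hashedPassword` places the yescrypt hash in the repository in cleartext and, presumably, in the world-readable Nix store once `mkAdmin` maps it onto the user, which leaves it open to offline guessing by anyone with read access to either. Since this repository already uses sops, sourcing the hash from an encrypted secret (for example through NixOS's `hashedPasswordFile`) would avoid that, if `mkAdmin` can be extended to accept it. The enclosing `let` binding and the body of `mkAdmin` lie outside the hunk, so how these attributes are consumed is not visible here.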