diff --git a/.sops.yaml b/.sops.yaml
index 6d555cf..825333b 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,26 +1,16 @@
 keys:
   - &nerf age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln
-  - &gonne age1xv5rfxkxg9jyqx5jg2j82cxv7w7ep4a3795p4yl5fuqf38f3m3eqfnefju
 
   - &nyarlathotep age1s99d0vlj5qlm287n98jratql5fypvjrxxal0k5jl2aw9dcc8kyvqw5yyt4
-  - &bragi age1lqvgpmlemyg9095ujck64u59ma29656zs7a4yxgz4s6u5cld2ccss69jwe
 
 creation_rules:
-  - path_regex: nixos/machines/nyarlathotep/.*
+  - path_regex nixos/machines/nyarlathotep/.*
     key_groups:
       - age:
-        - *nerf
-        - *gonne
-        - *nyarlathotep
-  - path_regex: nixos/machines/bragi/.*
-    key_groups:
-      - age:
-        - *nerf
-        - *gonne
-        - *bragi
+          *nerf
+          *nyarlathotep
   # this is the catchall clause if nothing above machtes. Encrypt to users but not
   # to machines
   - key_groups:
       - age:
-        - *nerf
-        - *gonne
+          *nerf