diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes
new file mode 100644
index 0000000..665b10e
--- /dev/null
+++ b/.git-crypt/.gitattributes
@@ -0,0 +1,4 @@
+# Do not edit this file.  To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary
diff --git a/.git-crypt/keys/default/0/D15E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg b/.git-crypt/keys/default/0/D15E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg
new file mode 100644
index 0000000..5b8cf6f
Binary files /dev/null and b/.git-crypt/keys/default/0/D15E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg differ
diff --git a/nix/home-manager/no-gui.nix b/nix/home-manager/no-gui.nix
index 95cbc37..edacfa4 100644
--- a/nix/home-manager/no-gui.nix
+++ b/nix/home-manager/no-gui.nix
@@ -178,22 +178,13 @@
   };
 
   age.secrets.gnupg = {
-    file = ./secrets/gnupg.age;
-    path = "${homeDirectory}/.secrets/gnupg.tar";
+    file = ./secrets/my-gpg.age;
+    path = "${homeDirectory}/.secrets/my-gpg.asc";
   };
 
-  home.activation.extractGnuPG =
-    let
-      gnupg_dir = "${homeDirectory}/.gnupg";
-    in
-    ''
-      #!/bin/sh
-      rm -fr ${gnupg_dir} || true
-      mkdir -p ${gnupg_dir}
-      ${pkgs.gnutar}/bin/tar xf ${config.age.secrets.gnupg.path} -C ${gnupg_dir}
-      find ${gnupg_dir} -type f -exec chmod 600 {} \;
-      find ${gnupg_dir} -type d -exec chmod 700 {} \;
-    '';
+  home.activation.extractGnuPG = ''
+    ${pkgs.gnupg}/bin/gpg --import ${config.age.secrets.gnupg.path}
+  '';
 
   #fish shell!
   programs.fish = import ./progs/fish.nix { inherit pkgs; };
diff --git a/nix/home-manager/secrets/gnupg.age b/nix/home-manager/secrets/gnupg.age
deleted file mode 100644
index 438526a..0000000
Binary files a/nix/home-manager/secrets/gnupg.age and /dev/null differ
diff --git a/nix/home-manager/secrets/my-gpg.age b/nix/home-manager/secrets/my-gpg.age
new file mode 100644
index 0000000..2344279
Binary files /dev/null and b/nix/home-manager/secrets/my-gpg.age differ
diff --git a/nix/home-manager/secrets/secrets.nix b/nix/home-manager/secrets/secrets.nix
index 9cd62a9..43b3368 100644
--- a/nix/home-manager/secrets/secrets.nix
+++ b/nix/home-manager/secrets/secrets.nix
@@ -13,6 +13,6 @@ in
     [
       "server-password.age"
       "borg-laptop-password.age"
-      "gnupg.age"
+      "my-gpg.age"
     ]
 ))