diff --git a/usb-secrets.nix b/usb-secrets.nix
index 07f8a4a..5d7c47a 100644
--- a/usb-secrets.nix
+++ b/usb-secrets.nix
@@ -5,13 +5,18 @@
   ...
 }: {
 
+  systemd.services.agenix-install-secrets.after = [ "usb-secrets.service" ];
+
   # Extract USB secrets key in main system before agenix
   systemd.services.usb-secrets = {
     description = "Extract USB secrets key";
     wantedBy = [ "sysinit.target" ];
-    before = [ "agenix.service" ];
+    before = [ "sysinit.target" ];
     wants = [ "local-fs.target" ];
-    after = [ "local-fs.target" ];
+    after = [
+      "local-fs.target"
+      "systemd-udev-settle.service"
+    ];
     unitConfig.DefaultDependencies = false;
     serviceConfig = {
       Type = "oneshot";
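Review bot: `systemd-udev-settle.service` in the new `after = [ ... ]` list is an ordering-only dependency; nothing in this unit `wants` or `requires` it, so on a host where udev-settle is not pulled in by some other unit the ordering is a no-op and the service still races device enumeration. If the settle is genuinely needed, add it to `wants` as well, `wants = [ "local-fs.target" "systemd-udev-settle.service" ];`, bearing in mind that udev-settle is deprecated upstream and the 30-second poll loop in the script is the more robust mechanism. The same applies to the added `systemd.services.agenix-install-secrets.after`: `after` alone orders but does not require, so when usb-secrets exits 1 agenix-install-secrets still runs and fails later with a less obvious error; consider `systemd.services.agenix-install-secrets.requires = [ "usb-secrets.service" ];` beside it if the host should fail closed without the USB key. Changing `before` from `agenix.service` to `sysinit.target` is presumably correct for the agenix version in use, but both unit names appear in this diff, so it is worth confirming which one that version actually defines.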
@@ -27,19 +32,37 @@
       fi
 
       # Wait for USB devices
+      echo "Waiting for USB device /dev/disk/by-label/SECRETS..."
       for i in {1..30}; do
-        [ -e /dev/disk/by-label/SECRETS ] && break
+        if [ -e /dev/disk/by-label/SECRETS ]; then
+          echo "USB device found after $i seconds"
+          break
+        fi
+        echo "Attempt $i: USB device not found, waiting..."
         sleep 1
       done
 
+      if [ ! -e /dev/disk/by-label/SECRETS ]; then
+        echo "ERROR: USB device /dev/disk/by-label/SECRETS not found after 30 seconds"
+        echo "Available devices:"
+        ls -la /dev/disk/by-label/ || true
+        exit 1
+      fi
+
+      # Give device a moment to be fully ready for mounting
+      echo "Device found, waiting 2 seconds for device to be ready..."
+      sleep 2
+
       # Mount USB and copy key
-      if mount /dev/disk/by-label/SECRETS /mnt/usb 2>/dev/null; then
+      echo "Attempting to mount /dev/disk/by-label/SECRETS to /mnt/usb..."
+      if ${pkgs.util-linux}/bin/mount /dev/disk/by-label/SECRETS /mnt/usb; then
+        echo "Mount successful"
         if [ -f /mnt/usb/usb-secrets-key ]; then
-          install -m 600 /mnt/usb/usb-secrets-key /run/secrets/usb-secrets-key
-          umount /mnt/usb
+          ${pkgs.coreutils}/bin/install -m 600 /mnt/usb/usb-secrets-key /run/secrets/usb-secrets-key
+          ${pkgs.util-linux}/bin/umount /mnt/usb
           echo "USB secrets key loaded"
         else
-          umount /mnt/usb
+          ${pkgs.util-linux}/bin/umount /mnt/usb
           echo "Key file not found"
           exit 1
         fi
@@ -55,4 +78,4 @@
   systemd.tmpfiles.rules = [ "d /run/secrets 0700 root root -" ];
-}
\ No newline at end of file
+}
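Review bot: The new `if ${pkgs.util-linux}/bin/mount /dev/disk/by-label/SECRETS /mnt/usb; then` mounts whatever removable device happens to carry the SECRETS label read-write, with no filesystem type and without `nosuid,nodev,noexec`, so during early boot (presumably as root, since no `User=` is visible) the kernel parses an attacker-supplied filesystem under the most permissive options even though the script only ever reads one file from it. Mount it read-only and restrictive, `if ${pkgs.util-linux}/bin/mount -o ro,nosuid,nodev,noexec /dev/disk/by-label/SECRETS /mnt/usb; then`, and pin `-t` to the expected filesystem type if it is known. The `fi` that closes this `if mount` and whatever runs when the mount fails lie outside the hunk, so I cannot see whether a failed mount exits non-zero as the key-not-found branch does. Minor style point: `mount`, `install` and `umount` were pinned to store paths in this change, but `ls`, `sleep` and `echo` on the added lines still rely on the service PATH, which is inconsistent for a `DefaultDependencies = false` unit.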