diff --git a/.sops.yaml b/.sops.yaml
index 375a531..1df20ba 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,8 @@
 # SOPS encryption policy: encrypt files matching *.sops.yaml
+
 creation_rules:
-  - path_regex: '.*\.sops\.ya?ml$'
-    encrypted_regex: '^(data|secrets|ops)$|(_secret|_password|_key)$'
-    # Replace with your age public key string (from keys/age.pub)
-    age:
-      - 'age1replace_with_your_public_key_here'
+  - path_regex: secrets/.*$
+    key_groups:
+      - age:
+          - age1aq8twfd78wvpra0had8cezcnj96tj4q0068edrz5jez8d6xwmflqdepsh4 
+