diff --git a/provision/hosts/torus/configuration.nix b/provision/hosts/torus/configuration.nix
index 476c5f01..f85ebe42 100644
--- a/provision/hosts/torus/configuration.nix
+++ b/provision/hosts/torus/configuration.nix
@@ -150,6 +150,7 @@
 system = {
 terminal.enable = true;
 ssh.enable = true;
+ secrets.enable = true;
 };
 };
 # Did you read the comment?
diff --git a/provision/hosts/torus/wireguard-server.nix b/provision/hosts/torus/wireguard-server.nix
index 653521a4..acdbef02 100644
--- a/provision/hosts/torus/wireguard-server.nix
+++ b/provision/hosts/torus/wireguard-server.nix
@@ -22,7 +22,7 @@
 # The port that WireGuard listens to - recommended that this be changed from default
 listenPort = 51820;
 # Path to the server's private key
- privateKeyFile = "/engi/apps/wireguard/private";
+ privateKeyFile = "/run/secrets/wireguard/torus";
 # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
 postUp = ''
diff --git a/provision/modules/system/secrets.nix b/provision/modules/system/secrets.nix
index 6ca4e913..31f391bd 100644
--- a/provision/modules/system/secrets.nix
+++ b/provision/modules/system/secrets.nix
@@ -17,6 +17,7 @@ in {
 secrets."wireguard/kestrel" = { owner = "${user}"; };
 secrets."wireguard/bulwark" = { owner = "${user}"; };
 secrets."wireguard/adjudicator" = { owner = "${user}"; };
+ secrets."wireguard/torus" = { owner = "${user}"; };
 };
 };
 }
diff --git a/provision/secrets/secrets.yaml b/provision/secrets/secrets.yaml
index 601ec367..db38de78 100644
--- a/provision/secrets/secrets.yaml
+++ b/provision/secrets/secrets.yaml
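Review bot: The new `privateKeyFile` value in wireguard-server.nix hard-codes the runtime path `/run/secrets/wireguard/torus`, so nothing at evaluation time ties it to the `secrets."wireguard/torus"` declaration added in secrets.nix. If the secrets module is sops-nix (the secrets.yaml format suggests it is) and `config` is in scope here, `privateKeyFile = config.sops.secrets."wireguard/torus".path;` would make a renamed or undeclared secret fail the build rather than the tunnel start. The commit does not touch the old location `/engi/apps/wireguard/private`; if the same key was moved into the encrypted file, the plaintext copy should be removed from the host or the key rotated. The enclosing interface definition starts and ends outside the hunk.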
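Review bot: In secrets.nix, `secrets."wireguard/torus" = { owner = "${user}"; };` makes the server's WireGuard private key readable by the `user` account, although the unit that consumes `privateKeyFile` normally runs as root and needs no such grant. Dropping the override, `secrets."wireguard/torus" = { };`, would leave the file at the secret manager's default ownership (root-only in sops-nix) and keep the key away from processes running as that user. The entry is also added to the same shared list as the kestrel, bulwark and adjudicator keys, so it appears that every host setting `secrets.enable = true` would decrypt torus's server key; restricting the declaration to the torus host would be tighter. The enclosing attribute set starts outside the hunk.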
@@ -4,6 +4,7 @@ wireguard: kestrel: ENC[AES256_GCM,data:RLDesKMUtpurv+C2YkxMcbBdiP6cHHUGRCYkgO5Qf6FZLxl4vKRyhTdDzWc=,iv:V/9bpCMTT9YQ8QCNYdpfrhu0lc4Yt5Eu0DJMc0uZkNA=,tag:kFnN7GwT4UKqUyvOdlbXxg==,type:str] bulwark: ENC[AES256_GCM,data:wMMZ1zJ2nPvkAFA5SgcSyl1z+9blDqf/6pVp8olmGaXJsbWc+/gBtDKzTog=,iv:2lZdsFYZhiTumRmYN/q2606gpyS7lCjf4cgeaCIjoxo=,tag:o81+t3pRwfomEys1veQecA==,type:str] adjudicator: ENC[AES256_GCM,data:sK2e6miw5UDLV0RQa/pSoI3boKn39/z+jEI0OSGQjhv6PXqIx4HiEtZJptM=,iv:2XjVv5gxL+E0fCzi1/3I1bbxLBOAYzmtu5S4VlZwyxU=,tag:8cahB2CJ4YDN/LSGqWUPnQ==,type:str] + torus: ENC[AES256_GCM,data:BPID5S71fSlwwu5HaYr25n1N7dznKCWx4CZ3VqppsC7Sc5envnGDm2nnqHU=,iv:8sYeuwxd4typ2n5xq0laQEwc1vc3cFbBx9B38q92/Z4=,tag:t7f8z/Jq3/fTNQasOOpgsA==,type:str] sops: kms: [] gcp_kms: [] @@ -19,8 +20,8 @@ sops: ajM3YlJYU21PaHRyaGlUNy84RHN2SE0KAvMFdqnfV0TzfNcBdY7OvRLZrBb9uXSI 3y50yFhYnyXtWKLQFTwjN6S5dLaZgqhaGhEQyNCQxb5RGZJDR6g7Yw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-20T07:18:51Z" - mac: ENC[AES256_GCM,data:c2jgENQOU6PpskH67qBlH73/9ETExMIClbBTH5yBHUus6UeghWlQ5JZ7FGv1RtQiJ+sqXIsyyjt8vaGzcqMtMuUPtJP7I/YEz/IylSVuDQu5bi2E5tsuRh0U5bSfL1AP6vzrJ7E36FOGX+vqVtDjzgDcwqR1NzWj91mq+5o0KSY=,iv:5xUPWZC4pHdfdhS+YHkX9EOzJseIkFlfYcyri+jY3mI=,tag:2wTru+9n7E/88ma9zaNocw==,type:str] + lastmodified: "2023-11-20T07:39:39Z" + mac: ENC[AES256_GCM,data:jucZ9Ofxk1yDLPHHi2M3bX7zvZAYjnigizEKqWi7/Ubn9xOdj6M8XSv0QQhhFpRvggLQf7be4ATATS8P+/9liFy+j9fK+4Zv1ryuYYKTNZyTwbTZfNPR1FholuVDcwSsgR+TmdVHkD4ypOPpTlSFllJbuk1R4ebI48WOJix6ao0=,iv:SbTXmFr9Un1YEpVxi3uMTZmPePZsQR3uWQP40LX+qSc=,tag:to3wH9YnOerEIZ37aAo+lA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3