diff --git a/provision/modules/system/secrets.nix b/provision/modules/system/secrets.nix
index 1a8bb44b..edbaaf8e 100644
--- a/provision/modules/system/secrets.nix
+++ b/provision/modules/system/secrets.nix
@@ -15,6 +15,8 @@ in {
       owner = "${user}";
       group = "users";
     };
+
+    # ssh secrets
     age.secrets."ssh/kestrel/id_ed25519" = {
       file = ../../secrets/ssh/kestrel/id_ed25519.age;
       owner = "${user}";
@@ -25,5 +27,17 @@ in {
       owner = "${user}";
       group = "users";
     };
+
+    # emu secrets
+    age.secrets."emu/switch/prod.keys" = {
+      file = ../../secrets/emu/switch/prod.keys.age;
+      owner = "${user}";
+      group = "users";
+    };
+    age.secrets."emu/switch/title.keys" = {
+      file = ../../secrets/emu/switch/title.keys.age;
+      owner = "${user}";
+      group = "users";
+    };
   };
 }
diff --git a/provision/secrets/emu/switch/prod.keys b/provision/secrets/emu/switch/prod.keys
deleted file mode 100644
index d3d75441..00000000
Binary files a/provision/secrets/emu/switch/prod.keys and /dev/null differ
diff --git a/provision/secrets/emu/switch/prod.keys.age b/provision/secrets/emu/switch/prod.keys.age
new file mode 100644
index 00000000..8077d236
Binary files /dev/null and b/provision/secrets/emu/switch/prod.keys.age differ
diff --git a/provision/secrets/emu/switch/title.keys b/provision/secrets/emu/switch/title.keys
deleted file mode 100644
index 51e835b0..00000000
Binary files a/provision/secrets/emu/switch/title.keys and /dev/null differ
diff --git a/provision/secrets/emu/switch/title.keys.age b/provision/secrets/emu/switch/title.keys.age
new file mode 100644
index 00000000..88e7b425
Binary files /dev/null and b/provision/secrets/emu/switch/title.keys.age differ
diff --git a/provision/secrets/secrets.nix b/provision/secrets/secrets.nix
index 44d30132..8171a6ff 100644
--- a/provision/secrets/secrets.nix
+++ b/provision/secrets/secrets.nix
@@ -10,6 +10,8 @@ let
 in
 {
   "git/github_personal.age".publicKeys = users ++ systems;
+  "emu/switch/prod.keys.age".publicKeys = users ++ systems;
+  "emu/switch/title.keys.age".publicKeys = users ++ systems;
   "wireguard/kestrel.age".publicKeys = users ++ systems;
   "wireguard/torus.age".publicKeys = systems;
   "wireguard/bulwark.age".publicKeys = systems;
@@ -17,7 +19,5 @@ in
   "nextcloud/password.age".publicKeys = systems;
   "ssh/kestrel/id_ed25519.age".publicKeys = [ tstarr_kestrel ] ++ systems;
   "ssh/kestrel/id_ed25519.pub.age".publicKeys = [ tstarr_kestrel ] ++ systems;
-  "emu/switch/prod.keys".publicKeys = users ++ systems;
-  "emu/switch/title.keys".publicKeys = users ++ systems;
 }