diff --git a/secrets/github b/secrets/github
new file mode 100644
index 00000000..6f90dc64
Binary files /dev/null and b/secrets/github differ
diff --git a/secrets/gitlab b/secrets/gitlab
new file mode 100644
index 00000000..1d8976ad
Binary files /dev/null and b/secrets/gitlab differ
diff --git a/users/nrd.nix b/users/nrd.nix
index 3fa4d6d6..633be029 100644
--- a/users/nrd.nix
+++ b/users/nrd.nix
@@ -1,9 +1,14 @@ { lib, ... }: let + inherit (builtins) + toFile + ; + + inherit (lib) fileContents ; + name = "Timothy DeHerrera"; in {
@@ -48,6 +53,43 @@ in
 };
 };
+ programs.ssh = {
+ enable = true;
+ hashKnownHosts = true;
+ identitiesOnly = true;
+
+ matchBlocks = let
+ githubKey = toFile "github"
+ (fileContents ../secrets/github);
+
+ gitlabKey = toFile "gitlab"
+ (fileContents ../secrets/gitlab);
+ in
+ {
+ github = {
+ host = "github.com";
+ identityFile = githubKey;
+ extraOptions = {
+ AddKeysToAgent = "yes";
+ };
+ };
+ gitlab = {
+ host = "gitlab.com";
+ identityFile = gitlabKey;
+ extraOptions = {
+ AddKeysToAgent = "yes";
+ };
+ };
+ "gitlab.company" = {
+ host = "gitlab.company.com";
+ identityFile = gitlabKey;
+ extraOptions = {
+ AddKeysToAgent = "yes";
+ };
+ };
+ };
+ };
+
 services.gng-agent = {
 enable = true;
 defaultCacheTtl = 1800;
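Review bot: `toFile "github" (fileContents ../secrets/github)` and the matching `gitlabKey` binding in the `matchBlocks` `let` copy the key material into the Nix store, so whatever protection the binary `secrets/*` files have in the repository is lost once the configuration is built. Store paths are readable by every local user and are carried along whenever the closure is copied to another machine or pushed to a cache. `identityFile` should instead be a plain string naming a path that only exists at runtime, e.g. `identityFile = "<key path outside /nix/store>";`, with the key put there by a mechanism that decrypts at activation time rather than at evaluation time. Separately, `gitlabKey` is used for both `gitlab.com` and `gitlab.company.com`; a dedicated key per host would let one be revoked without touching the other.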