diff --git a/secrets/identities/age-yubikey-identity-c46cf2cf.txt b/secrets/identities/age-yubikey-identity-c46cf2cf.txt
new file mode 100644
index 00000000..ed73390b
--- /dev/null
+++ b/secrets/identities/age-yubikey-identity-c46cf2cf.txt
@@ -0,0 +1,7 @@
+# Serial: 10593996, Slot: 1
+# Name: age-id-0
+# Created: Mon, 24 Oct 2022 14:47:23 +0000
+# PIN policy: Once (A PIN is required once per session, if set)
+# Touch policy: Never (A physical touch is NOT required to decrypt)
+# Recipient: age1yubikey1qdxpc9qenrkhqxnu2p6sgyfxhnxcvz99jcaq36uqcztuzsy92q596shqxkf
+AGE-PLUGIN-YUBIKEY-1EJN2ZQYZC3K09NCU47TDH
diff --git a/secrets/identities/personal-5-nfc.txt b/secrets/identities/personal-5-nfc.txt
new file mode 100644
index 00000000..3a0c7a12
--- /dev/null
+++ b/secrets/identities/personal-5-nfc.txt
@@ -0,0 +1 @@
+AGE-PLUGIN-YUBIKEY-1EJN2ZQYZC3K09NCU47TDH
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 76c401ff..546da678 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
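Review bot: The header of `age-yubikey-identity-c46cf2cf.txt` records `Touch policy: Never` next to `PIN policy: Once`, so user presence is never checked and the PIN is the only barrier while the token is plugged in. For a key that guards repository secrets, generating the slot with `--touch-policy cached` or `always` would tie each decryption (or a short window of them) to a physical touch. The policy is fixed when the slot is generated, so changing it presumably means a new slot and a new recipient string in `secrets.nix`. The same header also publishes the token serial number, which does not help decryption but is worth a deliberate decision if the repository is public.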
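Review bot: `personal-5-nfc.txt` repeats the identity stub that `age-yubikey-identity-c46cf2cf.txt` already adds, but without the descriptive header, so nothing in the file says which token and slot it refers to. Keeping a single file avoids the two copies drifting apart when the slot is regenerated. If both are needed, a first line such as `# same identity as age-yubikey-identity-c46cf2cf.txt (Serial 10593996, Slot 1)` would make the relationship explicit.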
@@ -1,11 +1,17 @@ let # set ssh public keys here for your system and user - dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms"; - ryzensun = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/l7MfEmt510BMeNjuXNPmZ0brcQidvrrpcea+qJMjX root@ryzensun"; - teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; - allKeys = [ dumpyourvms ryzensun teutat3s ]; + machines = { + dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms"; + ryzensun = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/l7MfEmt510BMeNjuXNPmZ0brcQidvrrpcea+qJMjX root@ryzensun"; + }; + users = { + teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; + teutat3s-5-nfc = "age1yubikey1qdxpc9qenrkhqxnu2p6sgyfxhnxcvz99jcaq36uqcztuzsy92q596shqxkf"; + }; + allKeys = [ machines.dumpyourvms machines.ryzensun users.teutat3s users.teutat3s-5-nfc ]; in { "example-secret.age".publicKeys = allKeys; "environment-secrets.age".publicKeys = allKeys; + "test-secret.age".publicKeys = [ users.teutat3s-5-nfc ]; } diff --git a/secrets/test-secret.age b/secrets/test-secret.age new file mode 100644 index 00000000..c6604018 --- /dev/null +++ b/secrets/test-secret.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> piv-p256 xGzyzw A1jSC1bjLB2+dZyfzSX82aPg42KV5eeW9miblCVG1rmj +lcgtyo1LahJuAusIGpvvBkdH+QV4h8+f72UTnc5D5qc +-> .Ro-grease +4lneNVnOyTnmDpW8R1o/ZrpFy75SnXUzGO80AMaJ8RpqZoM84iSYAHHVFjcr2Sim +h8Mzfa9IQ8CXfz33YQ +--- zrwVnHDvgA18vqO5OzvMVSA8Ygktnr2+Fu5tzvxpIXI +yǬ?M[ n^K˛p7~MDl0> \ No newline at end of file diff --git a/users/teutat3s/home.nix b/users/teutat3s/home.nix index a439f67d..a30bff53 100644 --- a/users/teutat3s/home.nix +++ b/users/teutat3s/home.nix @@ -35,6 +35,7 @@ in home.packages = with pkgs; [ AusweisApp2 consul + drone-docker-runner gpu-switch ifmetric ipmitool 
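Review bot: Adding `users.teutat3s-5-nfc` to `allKeys` in `secrets/secrets.nix` only changes who the next encryption targets. `example-secret.age` and `environment-secrets.age` are not modified anywhere in the visible diff, so the YubiKey recipient presumably cannot decrypt them until they are rekeyed with `agenix --rekey`. `test-secret.age` goes the other way: its only recipient is the hardware key, so no machine key can decrypt it and losing the token loses the secret. A comment such as `# test only: YubiKey-only recipient, not deployable to hosts` would record that intent. Deriving the list with `allKeys = builtins.attrValues machines ++ builtins.attrValues users;` would also keep future keys from being left out by hand.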
@@ -45,6 +46,7 @@ in veracrypt waypoint yubikey-agent + age-plugin-yubikey nix-autobahn.packages.${pkgs.system}.default ];