diff --git a/example/hosts/secrets/secrets.md b/example/hosts/secrets/secrets.md
new file mode 100644
index 0000000..86d99c6
--- /dev/null
+++ b/example/hosts/secrets/secrets.md
@@ -0,0 +1,3 @@
+# Secrets
+
+This file is for sops-nix and is also where your keys for various secrets will be stored.
diff --git a/example/hosts/secrets/secrets.yaml b/example/hosts/secrets/secrets.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/modules/programs/sops.nix b/modules/programs/sops.nix
index 6a8907b..be52697 100644
--- a/modules/programs/sops.nix
+++ b/modules/programs/sops.nix
@@ -6,6 +6,18 @@
 type = lib.types.bool;
 description = "Enable sops secrets";
 };
+ secrets = lib.mkOption {
+ default = {
+ hub = { };
+ lab = { };
+ ${config.conf.username} = { };
+ nextcloud = { };
+ access = { };
+ };
+ example = { };
+ type = with lib.types; attrsOf anything;
+ description = "secrets for sops";
+ };
 };
 config = lib.mkIf config.mods.sops.enable (lib.optionalAttrs (options ? home.packages) {
@@ -16,13 +28,7 @@
 sshKeyPaths = [ ];
 };
 defaultSopsFile = root + /secrets/secrets.yaml;
- secrets = {
- hub = { };
- lab = { };
- ${config.conf.username} = { };
- nextcloud = { };
- access = { };
- };
+ secrets = config.mods.sops.secrets;
 };
 systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
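Review bot: The `default` of the new `secrets` option keeps the five names that used to be hard-coded, and an option default is replaced rather than merged once a host defines `mods.sops.secrets`, so a host that adds one secret silently stops declaring `hub`, `lab`, the per-user entry, `nextcloud` and `access`. The description `"secrets for sops"` tells the reader neither this nor that each name has to exist as a key in the sops file. I would either default to `{ }` and move the five names into the host that owns them, or spell the contract out: `description = "Secrets handed to sops-nix; each name must be a key in defaultSopsFile. Defining this option replaces the default set.";`. `example = { };` would help more as a populated value such as `example = { nextcloud = { mode = "0400"; }; };`. The enclosing options attrset starts above the hunk.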
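Review bot: Every name in `config.mods.sops.secrets` is now resolved against `defaultSopsFile`, yet this commit adds `example/hosts/secrets/secrets.yaml` as an empty file while the option default still declares five secrets. If `root` resolves to the example host directory (not visible here), enabling `mods.sops` in the example will probably fail when sops-nix validates or decrypts the file, because an empty file holds neither the keys nor the sops metadata. A comment above the assignment would make the coupling explicit: `# each name here must exist as a key in defaultSopsFile (created with sops, never committed in plaintext)`. The surrounding attrset and the `config = lib.mkIf …` block start outside the hunk.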