diff --git a/config/hosts/metrics-nekomesh/grafana.nix b/config/hosts/metrics-nekomesh/grafana.nix
index 7697748..8c4255d 100644
--- a/config/hosts/metrics-nekomesh/grafana.nix
+++ b/config/hosts/metrics-nekomesh/grafana.nix
@@ -13,6 +13,7 @@
         admin_user = "admin";
         admin_password = "$__file{/secrets/metrics-nekomesh-grafana-admin-password.secret}";
         admin_email = "fi@nekover.se";
+        secret_key = "$__file{/secrets/metrics-nekomesh-grafana-secret-key.secret}";
       };
       smtp = {
         enabled = true;
diff --git a/config/hosts/metrics-nekomesh/secrets.nix b/config/hosts/metrics-nekomesh/secrets.nix
index ef6bcec..8014354 100644
--- a/config/hosts/metrics-nekomesh/secrets.nix
+++ b/config/hosts/metrics-nekomesh/secrets.nix
@@ -17,6 +17,14 @@
       permissions = "0640";
       uploadAt = "pre-activation";
     };
+    "metrics-nekomesh-grafana-secret-key.secret" = {
+      keyCommand = keyCommandEnv ++ [ "pass" "metrics-nekomesh/grafana/secret-key" ];
+      destDir = "/secrets";
+      user = "grafana";
+      group = "grafana";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
     "mail-nekomesh-nekover-se.secret" = {
       keyCommand = keyCommandEnv ++ [ "pass" "mail/nekomesh-nekover-se" ];
       destDir = "/secrets";