diff --git a/configuration/nginx/ssl.nix b/configuration/nginx/ssl.nix
index 4cea508..7abc38e 100644
--- a/configuration/nginx/ssl.nix
+++ b/configuration/nginx/ssl.nix
@@ -64,5 +64,10 @@
         in
         ''${pkgs.runtimeShell} -c '${confirm}' '';
     };
+
+    sops.secrets = {
+      "porkbun/api-key".owner = "acme";
+      "porkbun/secret-api-key".owner = "acme";
+    };
   };
 }
diff --git a/configuration/services/backups.nix b/configuration/services/backups.nix
index 688f5f9..0ae8abf 100644
--- a/configuration/services/backups.nix
+++ b/configuration/services/backups.nix
@@ -265,5 +265,18 @@ in
       };
       groups.backup = { };
     };
+
+    sops.secrets = {
+      "restic/storagebox-backups" = {
+        owner = "root";
+        group = "backup";
+        mode = "0440";
+      };
+      "restic/storagebox-ssh-key" = {
+        owner = "backup";
+        group = "backup";
+        mode = "0040";
+      };
+    };
   };
 }
diff --git a/configuration/sops.nix b/configuration/sops.nix
index 0337438..a5b19f6 100644
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@@ -38,30 +38,12 @@
         group = "nextcloud";
       };
 
-      # Porkbub/ACME
-      "porkbun/api-key" = {
-        owner = "acme";
-      };
-      "porkbun/secret-api-key" = {
-        owner = "acme";
-      };
-
       # Restic
       "restic/local-backups" = {
         owner = "root";
         group = "backup";
         mode = "0440";
       };
-      "restic/storagebox-backups" = {
-        owner = "root";
-        group = "backup";
-        mode = "0440";
-      };
-      "restic/storagebox-ssh-key" = {
-        owner = "backup";
-        group = "backup";
-        mode = "0040";
-      };
 
       # Steam
       "steam/tlater" = { };