diff --git a/sw/secrets.nix b/sw/secrets.nix
index daca743..3710133 100644
--- a/sw/secrets.nix
+++ b/sw/secrets.nix
@@ -11,6 +11,7 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }:
 
@@ -190,6 +191,9 @@ in
     # Auto-discovered secrets with default permissions
     age.secrets = applicableSecrets // cfg.secrets.extraSecrets;
 
+    # Use rage instead of age for better SSH key support
+    age.ageBin = "${pkgs.rage}/bin/rage";
+
     # Configure identity paths for decryption based on discovered public keys
     # These are added in addition to agenix's defaults
     age.identityPaths = identityPaths;