diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix
index 9e957e9..6be8e09 100644
--- a/hosts/alyssum/samba.nix
+++ b/hosts/alyssum/samba.nix
@@ -1,6 +1,9 @@
 { config, ... }: {
   networking.firewall.allowPing = true;
 
+  age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age;
+  age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age;
+
   users.users.cilly = {
     hashedPasswordFile = config.age.secrets.passwd.path;
     isNormalUser = true;
@@ -11,9 +14,9 @@
   };
   system.activationScripts = {
     init_smbpasswd.text = ''
-      /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly
+      /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly
 
-      /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira
+      /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira
     '';
   };
 
diff --git a/secrets.nix b/secrets.nix
index d2dbc82..ec20648 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -8,6 +8,8 @@ let
   rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
 in {
   "secrets/passwd.age".publicKeys = [ anemone blossom rin ];
+  "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ];
+  "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ];
   "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ];
 
   "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ];
diff --git a/secrets/passwd_smbcilly.age b/secrets/passwd_smbcilly.age
new file mode 100644
index 0000000..41ad172
--- /dev/null
+++ b/secrets/passwd_smbcilly.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ
+i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI
+-> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o
++pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM
+--- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew
+Æ*Œl\ÈWç!J7E/´»îò"f@%\ìüÏ[¨òj8fÓ¶›ž
\ No newline at end of file
diff --git a/secrets/passwd_smbkujira.age b/secrets/passwd_smbkujira.age
new file mode 100644
index 0000000..71b6bb8
--- /dev/null
+++ b/secrets/passwd_smbkujira.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8
+IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE
+-> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg
+QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk
+--- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw
+TÎ <ç‘R#dÄ†ÌŽlLkáN¦½º8´cÃ_N¬)±ŠT
\ No newline at end of file