diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e612427..807cc2a 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,16 +1,12 @@
 let
-  adisbladis = builtins.readFile ../users/keys/adisbladis;
-  mic92 = builtins.readFile ../users/keys/mic92;
-  ryantm = builtins.readFile ../users/keys/ryantm;
-  zimbatm = builtins.readFile ../users/keys/zimbatm;
-  zowoq = builtins.readFile ../users/keys/zowoq;
+  users = map (name: builtins.readFile ../users/keys/${name}) userNames;
 
-  users = [
-    adisbladis
-    mic92
-    ryantm
-    zimbatm
-    zowoq
+  userNames = [
+    "adisbladis"
+    "mic92"
+    "ryantm"
+    "zimbatm"
+    "zowoq"
   ];
 
   inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;
@@ -19,24 +15,32 @@ let
   build03 = knownHosts.build03.publicKey;
   build04 = knownHosts.build04.publicKey;
   darwin02 = knownHosts.darwin02.publicKey;
+
+  secrets = {
+    hercules-binary-caches = [
+      build03
+      build04
+      darwin02
+    ];
+    hercules-cluster-join-token = [
+      build03
+      build04
+      darwin02
+    ];
+    # hercules-secrets are only needed on linux
+    hercules-secrets = [
+      build03
+      build04
+    ];
+    hetzner-borgbackup-ssh = [
+      build02
+      build03
+    ];
+  };
 in
-{
-  "hercules-binary-caches.age".publicKeys = users ++ [
-    build03
-    build04
-    darwin02
-  ];
-  "hercules-cluster-join-token.age".publicKeys = users ++ [
-    build03
-    build04
-    darwin02
-  ];
-  "hercules-secrets.age".publicKeys = users ++ [
-    build03
-    build04
-  ]; # hercules-secrets are only needed on linux
-  "hetzner-borgbackup-ssh.age".publicKeys = users ++ [
-    build02
-    build03
-  ];
-}
+builtins.listToAttrs (
+  map (secretName: {
+    name = "${secretName}.age";
+    value.publicKeys = secrets."${secretName}" ++ users;
+  }) (builtins.attrNames secrets)
+)