diff --git a/features/photoprism.nix b/features/photoprism.nix
index e1841da..92f942f 100644
--- a/features/photoprism.nix
+++ b/features/photoprism.nix
@@ -1,7 +1,8 @@
 { pkgs, config, ... }:
 {
-  sops.secrets.photoprism = { 
-    sopsFile 
+  sops.secrets.adminPassword = {
+    sopsFile = ../secrets/photoprism.env;
+    format = "dotenv";
   };
 
   services.photoprism = {
@@ -9,8 +10,8 @@
     port = 2342;
     originalsPath = "/var/lib/private/photoprism/originals";
     settings = {
-      PHOTOPRISM_ADMIN_USER = "admin";
-      PHOTOPRISM_ADMIN_PASSWORD = "...";
+      PHOTOPRISM_ADMIN_USER = "lospussyadminos";
+      PHOTOPRISM_ADMIN_PASSWORD = config.sops.secrets.adminPassword;
       PHOTOPRISM_DEFAULT_LOCALE = "fr";
       PHOTOPRISM_DATABASE_DRIVER = "mysql";
       PHOTOPRISM_DATABASE_NAME = "photoprism";
diff --git a/secrets/photoprism.yaml b/secrets/photoprism.yaml
new file mode 100644
index 0000000..221d19a
--- /dev/null
+++ b/secrets/photoprism.yaml
@@ -0,0 +1,30 @@
+adminPassword: ENC[AES256_GCM,data:gX6hXEi7/bxBJ3YcOIZHHzQMwU6i8kw=,iv:Q15rclTjHxsSnZ2Ajn7uvzO171ffCXiQZvsFwVavR2E=,tag:KbagGzCfDYPdiPBhcMNUFg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVmdud05IbEU1VENJVDc4
+            RkJ1TlJaenNCWWZ1WFNqOE5JTVQ1NTJ5T2dRCklzYmlwWTR0VnAyamlNVzI3bmJq
+            MmpMalRRTUNsK3Q0SWtCS01NU0lVV0EKLS0tIEkzY1Nhajh4cEVNMUFSaVdiRjlP
+            ZERSckhJOG9yYjBrN1dJSVRaT1dOblUK7Q/MH1+BhzVfZ6x78ZCwt8TGs+XqNXzk
+            2FjEMxgpwrWLeq2tIVTIth3BKzQwSfHpbbrrM45CKLSo5qNWvuatAQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIamZQbUVmMlVpU1R2TG9T
+            YWpUR0JwNDRiTFg5OS9vU2RINTRmVUE0Y2k0CnE5ajhIcWJMQ0czZ0xoVVA2Mzgw
+            Skg4R2tRUFk3bEVVd3FNdnRTZlV5WHMKLS0tIERzK3duM2VqOWxnUkJleHJML0Jl
+            QTBHQTliK1RibXJXMDI4eTJ1dXdiVGsKV9dXgY64y3Nzv01i8m0o+hcYWUxs/s5O
+            vFU2Cwg9ZNDxECE5X11+PUPGS+YoKtUR+T8pwP4+gmfUQym4wML/WA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-27T08:10:13Z"
+    mac: ENC[AES256_GCM,data:M4VDRhHpXsurPzlyQ76LaLZE6/zo157xp/ygQxJGLZevjVJezSb4j22wE/EAlbxBW4J1pLUI4xM5tGy5QppzlEQmHqLhn944013wQSNfgWYkbw4OYSt4U6KedaWSER+fJz2qnYTqdazO3+GbWIOOahDT1l8kZnWJLKVP2W/iPpw=,iv:AyWGPD8Rm563T02ya1y6VOMc6jt3zubO8WQCoEfM9Ww=,tag:6VYjfhOxy1sAwk/kmx0JFQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0