diff --git a/hosts/pala/default.nix b/hosts/pala/default.nix
index add1ba3..649527a 100644
--- a/hosts/pala/default.nix
+++ b/hosts/pala/default.nix
@@ -6,6 +6,16 @@ in {
 
   type = "desktop";
 
+  secrets.id.file      = ./id.age;
+  secrets.id-cull.file = ./id-cull.age;
+  secrets.id-no.file   = ./id-no.age;
+
+  services.openssh.extraConfig = /* sshclientconfig */ ''
+    HostKey ${config.secrets.id.path}
+    HostKey ${config.secrets.id-cull.path}
+    HostKey ${config.secrets.id-no.path}
+  '';
+
   networking.hostName = "pala";
 
   users.users.pala = {
diff --git a/hosts/pala/id-cull.age b/hosts/pala/id-cull.age
new file mode 100644
index 0000000..37684bb
Binary files /dev/null and b/hosts/pala/id-cull.age differ
diff --git a/hosts/pala/id-no.age b/hosts/pala/id-no.age
new file mode 100644
index 0000000..33be430
Binary files /dev/null and b/hosts/pala/id-no.age differ
diff --git a/hosts/pala/id.age b/hosts/pala/id.age
new file mode 100644
index 0000000..dd61a45
Binary files /dev/null and b/hosts/pala/id.age differ
diff --git a/secrets.nix b/secrets.nix
index e013ff2..1a8a8a2 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,5 +1,5 @@
 let
-  inherit (import ./keys.nix) best disk nine admins all;
+  inherit (import ./keys.nix) admins all best disk nine pala;
 in {
   # best
   "hosts/best/id.age".publicKeys            = [ best ] ++ admins;
@@ -33,6 +33,11 @@ in {
 
   "hosts/nine/github2forgejo/environment.age".publicKeys = [ nine ] ++ admins;
 
+  # pala
+  "hosts/pala/id.age".publicKeys      = [ pala ] ++ admins;
+  "hosts/pala/id-cull.age".publicKeys = [ pala ] ++ admins;
+  "hosts/pala/id-no.age".publicKeys   = [ pala ] ++ admins;
+
   # shared
   "modules/common/ssh/config.age".publicKeys     = all;
   "modules/linux/restic/password.age".publicKeys = all;