diff --git a/modules/ai-tools.nix b/modules/ai-tools.nix
index 4811772..692b9e1 100644
--- a/modules/ai-tools.nix
+++ b/modules/ai-tools.nix
@@ -1,9 +1,12 @@
 {inputs, ...}: {
 	den.aspects.ai-tools.homeManager = {
+		lib,
 		pkgs,
 		inputs',
 		...
-	}: {
+	}: let
+		opencodeSecretPath = "/run/secrets/opencode-api-key";
+	in {
 		home.packages = [
 			inputs'.llm-agents.packages.claude-code
 			inputs'.llm-agents.packages.pi
@@ -11,6 +14,13 @@
 			pkgs.cog-cli
 		];
 
+		programs.nushell.extraEnv =
+			lib.mkAfter ''
+				if ("${opencodeSecretPath}" | path exists) {
+					$env.OPENCODE_API_KEY = (open --raw "${opencodeSecretPath}" | str trim)
+				}
+			'';
+
 		home.file = {
 			"AGENTS.md".source = ./_ai-tools/AGENTS.md;
 			".pi/agent/extensions/pi-elixir" = {
diff --git a/modules/hosts/chidi.nix b/modules/hosts/chidi.nix
index 59e5535..ae12218 100644
--- a/modules/hosts/chidi.nix
+++ b/modules/hosts/chidi.nix
@@ -17,6 +17,13 @@
 					networking.hostName = "chidi";
 					networking.computerName = "chidi";
 
+					sops.secrets.opencode-api-key = {
+						sopsFile = ../../secrets/opencode-api-key;
+						format = "binary";
+						owner = "cschmatzler";
+						path = "/run/secrets/opencode-api-key";
+					};
+
 					environment.systemPackages = with pkgs; [
 						slack
 					];
diff --git a/modules/hosts/jason.nix b/modules/hosts/jason.nix
index af7a17b..eef0fde 100644
--- a/modules/hosts/jason.nix
+++ b/modules/hosts/jason.nix
@@ -15,6 +15,13 @@
 				darwin = {...}: {
 					networking.hostName = "jason";
 					networking.computerName = "jason";
+
+					sops.secrets.opencode-api-key = {
+						sopsFile = ../../secrets/opencode-api-key;
+						format = "binary";
+						owner = "cschmatzler";
+						path = "/run/secrets/opencode-api-key";
+					};
 				};
 			})
 	];
diff --git a/modules/hosts/tahani.nix b/modules/hosts/tahani.nix
index 40f6706..3a6be24 100644
--- a/modules/hosts/tahani.nix
+++ b/modules/hosts/tahani.nix
@@ -37,6 +37,12 @@
 					networking.hostName = "tahani";
 
 					sops.secrets = {
+						opencode-api-key = {
+							sopsFile = ../../secrets/opencode-api-key;
+							format = "binary";
+							owner = "cschmatzler";
+							path = "/run/secrets/opencode-api-key";
+						};
 						tahani-paperless-password = {
 							sopsFile = ../../secrets/tahani-paperless-password;
 							format = "binary";
diff --git a/secrets/opencode-api-key b/secrets/opencode-api-key
new file mode 100644
index 0000000..eff136b
--- /dev/null
+++ b/secrets/opencode-api-key
@@ -0,0 +1,30 @@
+{
+	"data": "ENC[AES256_GCM,data:WJ5h0CfBuy4wQ8be8m126mAh8PZp/MQOUhgE5AhlyRx5ZMv3tZh5ZBqjeY9/mPeu5xDQ05/j6W+DYOY3Miv0ZBivAZE=,iv:xAepNlWUrUs8v9RfVWWGFuijrXrqroydUfr7+1oXzME=,tag:qdKmjo4urIznsgZdHUMqWA==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1xate984yhl9qk9d4q99pyxmzz48sq56nfhu8weyzkgum4ed5tc5shjmrs7",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SktQSmxuSG5MY2ErNUEx\neEd0Q1RsSzhaUjgyQnViQ2hhd09UNDFzcVJBCjg0R0M4ZnB1UFBEcDNJQXFjWnlO\nQVhSeURHVnorcUVnczBtdU04WDhRODgKLS0tIEJxNm9teWIyUXhzbU1EY2l1WVBk\nZG9xUlh1cDhiQmdsYnZpNVNOTUY5ajAKPyt8ZIKTfu0azAFezj7rtSJX8X4rO712\n0w8MAvnLM8k5ij6nJtR3HylwLmZ9AfMSq4Aikl+oRu7rXs26JvPbZA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWU5qSDBNY2d2YnNvVHU4\ncElNT0s0R0N3U3pjYW9kVGxFV2thY3QzYTB3CkdGRUhVMUdvR1dwdVdnZ3o0M0ZH\neXV0VUZyaFRBbEN1RXR6RGJ6RmIySjgKLS0tIGZGc3Voa09CNDFoMXVyZTJmME1Z\neldyMVAyd3pTZzB4RVhTRzZVOGs3NVkKyP8sIk/Oy1GXxG0tw8Ocjerfze+eIrNW\n5XYA96ct/2M2jiPdTxg2yEI5a9wycDkzNIzE95Xyfl3LkY8864wAMQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVHF0N2hHTHprQlpSYW8r\nMmpIZmZIT2QzNXYxTE4vc05wcXhTQzQ5clg0CktzRGFpeEVYMXA4RnV4TVdJNk04\nM3ltL2ZyczloR3NNWm01cE16NmJNemsKLS0tIDBHczRiUVhnZHlrTmdocmNQY2NK\naU5VYWZ4QWFuK0h4cUZGOGxUL3QzQ0kKtsuW7yl1/t7q9kUhTtK0G5G950Bi5n5w\n7cxX/pfMtgPhOh3NMoeuTxc9sH4pTIthRmaLVJ+GzEc4KsMJhOp+rA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLK0Z5UHpwdTFRM3dNL2FC\najdScHp1R1pHM0ZyMk1reENnTFlnTldVNTJJCmxVcVY1OHlrWExIeSs4bTBwQklE\nU0NkUnVmdlVuOHcrWjJpRFU4WTc5ZlEKLS0tIFhheExxWHBIcDBqL290WEpJK0sw\nRTZKbzRWMmJhVVVGT3A1UWJQUE1QS3cKp+jmuHUvZKbPx+/gxQUSz7QV1jLuIzP5\ne1jkJ2rJT2i8snAvihd8bsjRSFmoUnEg6kV8f0OteezNbkZoNhd30Q==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRmpkdloxdU1DRmF1Tzg4\nYSt3bks0Y21OQW5DS2JRU0ZMMHZJV2xLc0dRCmRORFliS3A0QTR1Uzc0ckd3cHA4\nRnNrdVBISG5NcjhrNDRoUnl4c2dPL1UKLS0tIHA5aW9GQkdXU0VNRHd6aEpoSzhJ\nSmd5OU1ESGJqMFVZdGhBMkdYTmlsRWsKLN36pDsdf06Rn9RLxfh46nX5u0dfyoe8\n/VvQiaWoj2/pv8NmwdFzdJQ0mTKkvEdxxY/Jk0YK+GQA/NGIVIIoWQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-03-23T09:09:07Z",
+		"mac": "ENC[AES256_GCM,data:phFpHUzJ/7rd1k1fr9YFD2FplXV3Qv5zFni00fAgG2VtVoIdFYeNRE0EEh2ulnKcIXjB/5lZuMss2bIoBt4i46BB2ZHTpnWksbeHowdgkHL+eXT1F7b11S1y9NEKc/ug3jarPwyj3usmVQJlllAzANCQHGrYQdBrFXvFae3cH40=,iv:4v3k4q0SxyTvHoqr2Abf6OhAcANCT9oWTa5Kwlb5GCs=,tag:Hn+fUEmOu7fWc7SSBe5yfA==,type:str]",
+		"version": "3.12.2"
+	}
+}