diff --git a/.gitattributes b/.gitattributes
index 2775dbc..d688e0f 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -2,3 +2,4 @@
 *.yml linguist-detectable
 
 /secrets/** filter=git-crypt diff=git-crypt
+/newinfra/secrets-git-crypt/** filter=git-crypt diff=git-crypt
diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index 76bf67f..d8aac22 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -117,6 +117,7 @@
       (modulesPath + "/profiles/qemu-guest.nix")
       ./modules/contabo
       ./modules/ingress
+      ./modules/minio
       ./modules/widetom
     ];
 
diff --git a/newinfra/nix/modules/minio/default.nix b/newinfra/nix/modules/minio/default.nix
new file mode 100644
index 0000000..30420a1
--- /dev/null
+++ b/newinfra/nix/modules/minio/default.nix
@@ -0,0 +1,9 @@
+{ config, ... }: {
+  age.secrets.minio_env_file.file = ../../secrets/minio_env_file.age;
+
+  services.minio = {
+    enable = true;
+    region = "eu";
+    rootCredentialsFile = config.age.secrets.minio_env_file.path;
+  };
+}
diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age
new file mode 100644
index 0000000..5f3f794
--- /dev/null
+++ b/newinfra/nix/secrets/minio_env_file.age
@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 cVCt6g aURyPoqVOIH8dVpkyn+mb8rxwv1hw2hazAgLj/qDxzM
+bOkR3mOiK9pA8CQxTGLpd52UyrTWvZ4cPz4m/khin5w
+--- ALJ+6QKzH/CrCZ8FzdeWFRFZKFt6YOF0bKpLri7yCpU
+ºòNB¤aøŸJya¹«ïÝß»Â8ôó—[½‹Õ‡é¶¼˜†CÉ³7X“¾³MB»ºC!«¶ÿc‹pm_wD¤äézÍoà¸¢îóHéª'›Ûi§	ã
+®…ÆóÓi8ÅýÉ›:t/=`OüªkZÒ±
\ No newline at end of file
diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix
index 8501dac..239962f 100644
--- a/newinfra/nix/secrets/secrets.nix
+++ b/newinfra/nix/secrets/secrets.nix
@@ -5,4 +5,5 @@ in
   "widetom_bot_token.age".publicKeys = [ vps1 ];
   "widetom_config_toml.age".publicKeys = [ vps1 ];
   "docker_registry_password.age".publicKeys = [ vps1 ];
+  "minio_env_file.age".publicKeys = [ vps1 ];
 }
diff --git a/newinfra/secrets-git-crypt/minio_env_file b/newinfra/secrets-git-crypt/minio_env_file
new file mode 100644
index 0000000..40fc20d
Binary files /dev/null and b/newinfra/secrets-git-crypt/minio_env_file differ
diff --git a/secrets/widetom/bot_token b/newinfra/secrets-git-crypt/widetom_bot_token
similarity index 100%
rename from secrets/widetom/bot_token
rename to newinfra/secrets-git-crypt/widetom_bot_token
diff --git a/secrets/widetom/config.toml b/newinfra/secrets-git-crypt/widetom_config.toml
similarity index 100%
rename from secrets/widetom/config.toml
rename to newinfra/secrets-git-crypt/widetom_config.toml