diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
index 46ae536..5f7dfaf 100644
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@@ -4,7 +4,7 @@
   imports = [
     ../modules/profiles/laptop.nix
     ./disks.nix
-    # TODO ./paperless.nix
+    ./paperless.nix
   ];
 
   nixpkgs = {
diff --git a/nixos/stolas/paperless.nix b/nixos/stolas/paperless.nix
index 7591f0a..a5fa69f 100644
--- a/nixos/stolas/paperless.nix
+++ b/nixos/stolas/paperless.nix
@@ -1,4 +1,4 @@
-{ config }:
+{ config, ... }:
 {
   services.paperless = {
     # TODO migrate DB
@@ -17,4 +17,12 @@
           "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
       )
     ];
+
+  age.secrets = {
+    paperless = {
+      file = "${config.dadada.secrets.path}/paperless.age";
+      mode = "700";
+      owner = "paperless";
+    };
+  };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 88f46bd..f449646 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -46,7 +46,8 @@ in
     dadada
   ];
   "paperless.age".publicKeys = [
-    systems.gorgon
+    #systems.gorgon
+    systems.stolas
     dadada
   ];
   "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [