diff --git a/agents/fj-shadowfax-x86_64.nix b/agents/fj-shadowfax-x86_64.nix
index d01610b..24051b3 100644
--- a/agents/fj-shadowfax-x86_64.nix
+++ b/agents/fj-shadowfax-x86_64.nix
@@ -14,12 +14,19 @@
   ];
 
   sops.secrets."forgejo-runner-token" = {
-    # configure secret for forwarding rules
+    # configure secret for the gitea/forgejo runner.
     sopsFile = ./secrets.sops.yaml;
     mode = "0444";
     restartUnits = [ "gitea-runner-default.service" ];
   };
 
+  sops.secrets."cachix/agent_auth_tokens/fj-shadowfax-x86_64" = {
+    # configure secret for cachix deploy agent. 
+    sopsFile = ./secrets.sops.yaml;
+    mode = "0444";
+    restartUnits = [ "cachix-agent.service" ];
+  };
+
   nix.settings.trusted-users = [ "gitea-runner" ];
   users.users.jahanson = {
     isNormalUser = true;
@@ -55,5 +62,11 @@
       ];
     };
   };
+
+  services.cachix-agent = {
+    enable = true;
+    credentialsFile = config.sops.secrets."cachix/agent_auth_tokens/fj-shadowfax-x86_64".path;
+  };
+  
   system.stateVersion = "24.05";
 }
\ No newline at end of file
diff --git a/agents/secrets.sops.yaml b/agents/secrets.sops.yaml
index 511f0fd..247df3d 100644
--- a/agents/secrets.sops.yaml
+++ b/agents/secrets.sops.yaml
@@ -1,6 +1,7 @@
 forgejo-runner-token: ENC[AES256_GCM,data:Sp9rTX+D+PA2kyYpYJLwkXVlmhmAedbQf0r5RGZYaLcWIK8GfWXJkBt/oYMgmQ==,iv:u16wUSl+gbmI+oWB1xfmvhiRP4TxThH6VI5hKhAMOf0=,tag:BcetaNT41N4TWQViRLe5pw==,type:str]
 cachix:
-    auth_token: ENC[AES256_GCM,data:n3jORLJwIJ75SASbvsx12SNpVoF4NDtUZ/bPqpmByhzES8WbALVrfpZU98IHntb5UmnyEJjwTy3wjkrdEbMcOIuDvZudh8DLtLWKIvD0Dke0cNlxAY8s/eIsH9Xt6sDctiD23u1hyhugCFC6RJ6VjEGBRWEyISz04tY1xhoBiT11kAG5hj6a9ThTBcF4adqMNm5QFIc=,iv:mQsMX+Z0lT3Dm7Z9DytQtulV88GqChOo3G4y5bZ4NlM=,tag:gyKt0Ojp2c8B0Nr1vILvaw==,type:str]
+    agent_auth_tokens:
+        fj-shadowfax-x86_64: ENC[AES256_GCM,data:zRVf/3VNeQUb029ZMOeQfWMHQvhoMCI3YiNOEZNQ65yXot+J729FInt1IK/MLH9Q3caOE5UXnZ5p9j114c9FlxXDk50PqFGzw6mTLcOzgpKcM5gIjyNZMXdh+sb1sZRUFpeHf/XuGVil9SxlAW09YyP2rsgSYgM7b6YqKe8BvowU6jJ9iGtKdFus9aC0UztC4YUnxHfBjFypGoWwgbODRTd7p1yrSM4I,iv:T18tNm/imVbdN/7y4ejwyFsVnGix1q0xm/Z92yOkzIw=,tag:FCoR3LBO8P+EzPnghFkOCw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -43,8 +44,8 @@ sops:
             TC9NN3NwNXFPM0RMbmk3NkZBWkpvdUkKvvcdKDCEIo6763hjv5Qlb782jfrDN6wh
             lFfbRNuM9p6KjEIcD4wGcGCngPz3L5BtKqyOpCz62apiJk2fo+ztrA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-26T17:18:50Z"
-    mac: ENC[AES256_GCM,data:oNN2RMBxnz3I+A7eg7+DT5NY3Cfd3GUcuG6DLmecc2NDCHJJY9Lh0A4GzcvsJu9X/gq7damHScei1cIxQhmV321y204EOJIbrj7JIp+wgwGhFHj/25/CXaSSM8KK+x3sXGUL2GKm64RMrZUdYqIu7X8sWig43dQTaxIARydRs5k=,iv:4i2w/OyEU0Qz6nobu4/H7MXWFb0piOnefEEtTXTRKPg=,tag:htpF2Ny+Pu0/mTL74asLKw==,type:str]
+    lastmodified: "2024-06-18T22:46:02Z"
+    mac: ENC[AES256_GCM,data:MQaw97FRt83O7VocQywJPXuOtmJl0txwlOiUL5OsMw6huuxyeOpoNBJEoBaEImMWfOYwXh/OjrFVNV64+LEFPtG9op9R72yQZPJJiSly8IDsC61lZSqSKAevSo6b7fGdQn97AdCMRDnHBdfQuwRXLCMK3t24mnD8TJjrgVhXvAE=,iv:GbCl5s5af3/EZr/s3P5ZfRZGxFYW+4luUeLbyDt10WY=,tag:DyiFwppDpD9cpLA56Df16A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1