diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix
index 4ee0a1b..de396ff 100644
--- a/modules/nixos/features/ntfy-sh.nix
+++ b/modules/nixos/features/ntfy-sh.nix
@@ -1,3 +1,7 @@
+{
+  config,
+  ...
+}:
 let
   port = 5002;
   certloc = "/var/lib/acme/fi33.buzz";
@@ -8,6 +12,7 @@ in
   services = {
     ntfy-sh = {
       enable = true;
+      environmentFile = config.age.secrets.ntfy.path;
       settings = {
         base-url = url;
         listen-http = ":${toString port}";
@@ -16,8 +21,12 @@ in
         auth-users = [
           "Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin"
           "borgmatic:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:user"
+          "gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user"
+        ];
+        auth-access = [
+          "borgmatic:backups:wo"
+          "gatus:services:wo"
         ];
-        auth-access = [ "borgmatic:backups:wo" ];
       };
     };
 
@@ -48,4 +57,6 @@ in
       }
     '';
   };
+
+  age.secrets.ntfy.file = ../../../secrets/ntfy.age;
 }
diff --git a/secrets/ntfy.age b/secrets/ntfy.age
new file mode 100644
index 0000000..c173ff0
--- /dev/null
+++ b/secrets/ntfy.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 qLT+DQ jySlchGAPxdkjpZzg+5BLH7O5yM+O5a9CleBVMqbck8
+I5OEMjXJNrNKIBumXmiAMXRa1AZx0cKQ0BfM7HYCcRc
+-> ssh-ed25519 NanIwQ 29upo2jTQF8Vz91yWmYCXnQW4LgYcvt1TcF/HLA5klA
+eQla3EMQnRPzhd5MyDL3byPhIiio0rFFM+yesPLEtv8
+-> ssh-ed25519 LtK9yQ Vx/lQ6M/wYa9483YpuCwwobNuIZjv/Sy9vl695H05BQ
+qqUWRnrMYfflhcznrF2QKfODDa7vmz6Uy7fk1zSpbEE
+--- xunznREPjjEVRWAmqI/4xKp/NrNk6C3B1Z+3Vjf2TL4
+ˆÔm³{–­œšïž¾²úz\ÀÂ,TºSS7T¤k«)úhçÙ—V—X´¶²€—¢0m»N?=ÓŸx	TdÄY0²[)Û“SZš¸Ùñ:û>FUÖ™~
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 4eed98d..8909f33 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,6 +19,7 @@ in
   "borgmatic-pg.age".publicKeys = users;
   "borgmatic.age".publicKeys = users;
   "copyparty.age".publicKeys = users;
+  "gatus.age".publicKeys = users;
   "git_signing_key.age".publicKeys = users;
   "git_signing_key.pub.age".publicKeys = users;
   "immich.age".publicKeys = users;
@@ -27,6 +28,7 @@ in
   "kavita.age".publicKeys = users;
   "lidarr.age".publicKeys = users;
   "miniflux-creds.age".publicKeys = users;
+  "ntfy.age".publicKeys = users;
   "nzbget.age".publicKeys = users;
   "paperless.age".publicKeys = users;
   "porkbun-api.age".publicKeys = users;