{ pkgs
, lib
, config
, ...
}: {
  age.secrets =
    let
      age-paths-list = lib.fileset.toList (lib.fileset.fromSource (lib.sources.sourceFilesBySuffices ../../secrets/autoimport [ ".age" ]));
      named-paths =
        builtins.map
          (path: {
            name = lib.strings.removeSuffix ".age" (builtins.baseNameOf path);
            path = path;
          })
          age-paths-list;
      autoimported-secrets = lib.attrsets.mergeAttrsList (builtins.map
        (secret: {
          "${secret.name}".rekeyFile = secret.path;
        })
        named-paths);
    in
    autoimported-secrets;

  age.rekey = {
    masterIdentities = [
      {
        identity = ../../secrets/master/age_master.age;
        pubkey = ../../secrets/master/age_master.pub;
      }
    ];
    storageMode = "local";
    localStorageDir = ../../. + "/secrets/rekeyed/${config.networking.hostName}";
  };
}