diff --git a/nixos/profiles/services/miniflux/default.nix b/nixos/profiles/services/miniflux/default.nix
index 10ef2ee..f44ff12 100644
--- a/nixos/profiles/services/miniflux/default.nix
+++ b/nixos/profiles/services/miniflux/default.nix
@@ -1,5 +1,15 @@
 { config, ... }:
 {
+ sops.secrets."miniflux/oidc-client-secret" = {
+ sopsFile = config.sops.secretFiles.host;
+ };
+
+ systemd.services.miniflux.serviceConfig = {
+ LoadCredential = [
+ "oidc-client-secret:${config.sops.secrets."miniflux/oidc-client-secret".path}"
+ ];
+ };
+
 services.miniflux = {
 enable = true;
 config = rec {
@@ -8,6 +18,7 @@
 CREATE_ADMIN = 0;
 OAUTH2_PROVIDER = "oidc";
 OAUTH2_CLIENT_ID = "miniflux";
+ OAUTH2_CLIENT_SECRET_FILE = "/run/credentials/miniflux.service/oidc-client-secret";
 OAUTH2_REDIRECT_URL = "${BASE_URL}/oauth2/oidc/callback";
 OAUTH2_OIDC_PROVIDER_NAME = "id.rebmit.moe";
 OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://id.rebmit.moe/realms/rebmit";
diff --git a/secrets/hosts/suwako-vie0.yaml b/secrets/hosts/suwako-vie0.yaml
index 3900744..9ac12ab 100644
--- a/secrets/hosts/suwako-vie0.yaml
+++ b/secrets/hosts/suwako-vie0.yaml
@@ -2,6 +2,8 @@ synapse:
 signing-key: ENC[AES256_GCM,data:yFxwWDpdQvHetThkK02a/GN3lcw4GNb7BItutO5zisKptG6qB+BdWwHB34oK81J5Rbt3MGLwMwVpa0w=,iv:pQMDF4wSyzLvlRj3jMVbjyx16G76gj7e2ZvEHTB2VUU=,tag:dl1Onm5LNzH2aHZNfnRPbg==,type:str]
 oidc-client-secret: ENC[AES256_GCM,data:1zUxCuFyTWFvcu7W0dJ70RKyPWW0WY9fJwlaQkYRzok=,iv:8+3w1kz81CfTvzYv8thd/EaEUn2A/OdL8Uw4n0o69tE=,tag:qGTZodnQwOsI/cyXK6X09Q==,type:str]
 mautrix-telegram-bot-token: ENC[AES256_GCM,data:SgzTnwfmJqYeAM0PjZ0sosYTgkiw8gR6eszfkpM7VIOTlNmkkJezD5CtSHlsQA==,iv:olLvkkl9VHPrUuKZgOQgpzRMEymm9oYo0hJs8KsiTBE=,tag:eEOjwT7vBTyTRnS6qtu4dg==,type:str]
+miniflux:
+ oidc-client-secret: ENC[AES256_GCM,data:lepzgaeSH8YaLgYDgVMILzrLeS8M4taFvzLvw6L1wlE=,iv:S+iXWEDA85xwm9KSEnhYP/8RNdXSRjQetK2VwSHSphM=,tag:D1mNiC0+HA2SL4iEzu0KfQ==,type:str]
 sops:
 kms: []
 gcp_kms: []
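Review bot: The new `sops.secrets."miniflux/oidc-client-secret"` declaration in the first hunk sets only `sopsFile`, so nothing ties a rotation of the secret to the service. `LoadCredential` copies the file into the unit's credential directory when the unit starts, so a running miniflux keeps the old client secret until something restarts it. Adding `restartUnits = [ "miniflux.service" ];` to the secret lets sops-nix restart the unit when the decrypted value changes. Leaving owner and mode at their defaults looks right, since the `LoadCredential` source is read by the service manager rather than by the miniflux user, so the decrypted file does not need to be readable by the service account.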
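Review bot: The added `OAUTH2_CLIENT_SECRET_FILE` line hard-codes `/run/credentials/miniflux.service/oidc-client-secret`, repeating both the unit name and the credential name from the `LoadCredential` entry in the first hunk. If either is renamed the two drift apart silently, and the mismatch only shows up when the service runs, not at evaluation. If the module renders `services.miniflux.config` into the unit's `Environment=` (not visible in this diff, so confirm), `OAUTH2_CLIENT_SECRET_FILE = "%d/oidc-client-secret";` removes the unit-name coupling; otherwise bind the credential name once in a `let` and use it in both places. The `config = rec { … }` block starts and ends outside this hunk.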
@@ -26,8 +28,8 @@ sops:
 ZjQyOG1ZVDVnTGxBNWR0RGs3d082aGsKqqIdYDPsnvCa5+YFWCqdwAi5vgWuMazv
 sZF1K96MHFgxgqgGonu2wZN3uj2mGttDRC8ZZmMPEftY1na6VLl40A==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-01-01T02:07:05Z"
- mac: ENC[AES256_GCM,data:Lyfte9XWPuhEmLXcR6ZAtldwKCDx/tyE6OToIRAHS1z53fH6qZSXzSW0Fby+kxNKFCK1CXwvUCe5HMSWYYT1GfN0Oj0kxwFjUqV8EJa2wmUreruNJrJQ328EIPVbQZYaZfDdZpomIZsFo+PfZwWDkbDog7+PcVAoIN+QSnk7Bpk=,iv:+qaJbaqaGoUaZRsX4uemtBED00rHyJoKesUt+vZbAgE=,tag:1B1j/56Fy/I3lqpT73u5Gw==,type:str]
+ lastmodified: "2025-01-03T14:36:58Z"
+ mac: ENC[AES256_GCM,data:6RjzHgqvZa9p015ovg/+h0h45UqN5OgGZrOLBErlZUcTMFdWvG3wgqRAzPFtNgWwXxe32ClUtU1xbxiAYmTbKBu6OQfAz3sxstxRJHiZv2/KbFF5L3SO5Orqdq924g1H0MNbIuvPr2+eOpj0HDRBSQh7q+lDhsZjlcEXjEb4sEM=,iv:PbaUqeNBlIgs2Tk5lEDEwEPDqOSh4n/xw6NV3j0Eyww=,tag:b1beaDtPMpMybyxseibwKg==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.2