diff --git a/hosts/anzu/configuration.nix b/hosts/anzu/configuration.nix
index 82c8727..5ea2f87 100644
--- a/hosts/anzu/configuration.nix
+++ b/hosts/anzu/configuration.nix
@@ -24,9 +24,9 @@
     fsType = "cifs";
     options = let
       automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
-      username = "chase";
-      password = "$(cat ${config.sops.secrets."smb-password".path})";
-    in ["${automount_opts},username=${username},password=${password},uid=1000,gid=100"];
+      credentials = "${config.sops.templates."smb-credentials".path}";
+    in ["${automount_opts},credentials=${credentials},uid=1000,gid=100"];
+    #in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
   };
 
   system.stateVersion = "24.11";
diff --git a/nixos/base.nix b/nixos/base.nix
index 1bd7bae..ec0d384 100644
--- a/nixos/base.nix
+++ b/nixos/base.nix
@@ -119,15 +119,20 @@
   sops = {
     defaultSopsFile = ../secrets.yaml;
     validateSopsFiles = false;
-
     age = {
       sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
       keyFile = "/var/lib/sops-nix/key.txt";
       generateKey = true;
     };
-
     secrets = {
-      smb-password = {};
+      "smb-username" = {};
+      "smb-password" = {};
+    };
+    templates = {
+      "smb-credentials".content = ''
+        username=${config.sops.placeholder.smb-username}
+        password=${config.sops.placeholder.smb-password}
+      '';
     };
   };
 
diff --git a/secrets.yaml b/secrets.yaml
index 617f989..490c390 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -1,3 +1,4 @@
+smb-username: ENC[AES256_GCM,data:pFkBi+c=,iv:JSRlBHBGMNZVZZuQaSHj/cpXOaxRV3xkG/OaTOjFDZc=,tag:ALMWCi+gAqt2HtSKGGaS5Q==,type:str]
 smb-password: ENC[AES256_GCM,data:LgxYSOZhj5DwvTwAoF0cLJezxYQ=,iv:is3PWEgvWmbFc39npdjD9qYrMo76wWAczZlo7LCoNf0=,tag:vanjCeI01KaL5STCSwxM/g==,type:str]
 sops:
     age:
@@ -19,7 +20,7 @@ sops:
             aVFNTW8yeEUvb2tLcnRpUFltSVlZVXMKSnKkMhnW7/ZOW/LkBGJZvrfE6lUT1TrB
             O83/WxPsN5mFz9WxqKevPNlLJaPwqJQjAS2TRYlya3uvGydpJoV7+g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-08T17:56:04Z"
-    mac: ENC[AES256_GCM,data:fFVK7hOu5MnZ8XKv+J3cOcHHNAdx+3L/HidlgRuCrI4KTMnkK+17MThF7xNblERQtMlb2qgz/I7A/4+GcaH/Whrgynduy+Bc6g7GlzZBnT7EhASt/TjMurqqH3AXcdFHiG2K7zhDYH4ssu8aPIDYpw2gCytQPNgqWkRjygkLrDo=,iv:E1Hh35wGOiiNMNFhRns48wtTMxe8mdj/ueU4nxYO8Ug=,tag:5OqmX0f2tSVdgqkEHjA60w==,type:str]
+    lastmodified: "2025-06-08T19:43:47Z"
+    mac: ENC[AES256_GCM,data:9YpgBrJwWhz2utNPldpIU/ylaN2QfkSj1LvWa8sISSnuXvsBsZ8a+oNzuGDd5+Q1pSYtoiBt6viqZn65wp8x+kb9ZMJdsWoZZG2U1b3rHUsadOYarvwMVDoQ5TZFFjEOyzyCgT7ln6v1rfAKwL5LJ3Kjv6SRIb9dK51sDsVijhQ=,iv:yTlxgZoOdB7pu5iZKP+q1cXbDsTT5HgsWo4tkix8948=,tag:qJbiq+Fayx5L9V7to1ijvQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2