diff --git a/pkgs/clan-cli/clan_cli/secrets/generate.py b/pkgs/clan-cli/clan_cli/secrets/generate.py
index f5d90f40b..586549eaa 100644
--- a/pkgs/clan-cli/clan_cli/secrets/generate.py
+++ b/pkgs/clan-cli/clan_cli/secrets/generate.py
@@ -42,11 +42,25 @@ def generate_secrets(machine: Machine) -> None:
         secrets_dir = tmpdir / "secrets"
         secrets_dir.mkdir(parents=True)
         env["secrets"] = str(secrets_dir)
-        # TODO use bubblewrap here
+        # fmt: off
         cmd = nix_shell(
-            ["nixpkgs#bash"],
-            ["bash", "-c", machine.secrets_data[service]["generator"]],
+            [
+                "nixpkgs#bash",
+                "nixpkgs#bubblewrap",
+            ],
+            [
+                "bwrap",
+                "--ro-bind", "/nix/store", "/nix/store",
+                "--tmpfs", "/usr/lib/systemd",
+                "--dev", "/dev",
+                "--bind", str(facts_dir), str(facts_dir),
+                "--bind", str(secrets_dir), str(secrets_dir),
+                "--unshare-all",
+                "--",
+                "bash", "-c", machine.secrets_data[service]["generator"]
+            ],
         )
+        # fmt: on
         run(
             cmd,
             env=env,
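Review bot: The bwrap invocation sandboxes the filesystem and namespaces, but the generator still shares the caller's controlling terminal and the full host environment, because the argument list has no `--new-session` and the `run(cmd, env=env, ...)` call hands the whole `env` dict into the sandbox. A process left attached to the terminal can inject input into it (bwrap's own documentation recommends `--new-session`, or a seccomp filter, for this), and whatever the host environment holds beyond the `facts`/`secrets` variables this code sets is visible to the untrusted generator script. I would add `"--die-with-parent", "--new-session",` next to `"--unshare-all",` so the sandbox also cannot outlive the CLI, and consider `"--clearenv", "--setenv", "secrets", str(secrets_dir),` (plus the corresponding `facts` entry) so only the variables the generator contract needs reach it. Whether `env` carries anything beyond those two keys cannot be seen here since it is built before the hunk; the body of `generate_secrets` also starts and ends outside it.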