diff --git a/nixosModules/clanCore/secrets/default.nix b/nixosModules/clanCore/secrets/default.nix
index 48fef2956..fa961ddda 100644
--- a/nixosModules/clanCore/secrets/default.nix
+++ b/nixosModules/clanCore/secrets/default.nix
@@ -1,5 +1,12 @@
 { config, lib, ... }:
 {
+  options.clanCore.secretStore = lib.mkOption {
+    type = lib.types.enum [ "sops" "password-store" "custom" ];
+    default = "sops";
+    description = ''
+      method to store secrets
+    '';
+  };
   options.clanCore.secrets = lib.mkOption {
     type = lib.types.attrsOf
       (lib.types.submodule (secret: {
diff --git a/nixosModules/clanCore/secrets/sops.nix b/nixosModules/clanCore/secrets/sops.nix
index ab9772282..237148911 100644
--- a/nixosModules/clanCore/secrets/sops.nix
+++ b/nixosModules/clanCore/secrets/sops.nix
@@ -21,7 +21,7 @@ let
   secrets = filterDir containsMachineOrGroups secretsDir;
 in
 {
-  config = {
+  config = lib.mkIf (config.clanCore.secretStore == "sops") {
     system.clan.generateSecrets = pkgs.writeScript "generate-secrets" ''
       #!/bin/sh
       set -efu