diff --git a/clanModules/garage/README.md b/clanModules/garage/README.md
index 911ff0abc..72771bc7d 100644
--- a/clanModules/garage/README.md
+++ b/clanModules/garage/README.md
@@ -3,8 +3,7 @@ description = "S3-compatible object store for small self-hosted geo-distributed
 ---
 This module generates garage specific keys automatically.
-When using garage in a distributed deployment the `rpc_key` between connected instances must be shared.
-This is currently still a manual process.
+Also shares the `rpc_secret` between instances.
 Options: [NixosModuleOptions](https://search.nixos.org/options?channel=unstable&size=50&sort=relevance&type=packages&query=garage)
 Documentation: https://garagehq.deuxfleurs.fr/
diff --git a/clanModules/garage/default.nix b/clanModules/garage/default.nix
index 0ddd184da..bf3b45d3b 100644
--- a/clanModules/garage/default.nix
+++ b/clanModules/garage/default.nix
@@ -2,9 +2,9 @@
 {
 systemd.services.garage.serviceConfig = {
 LoadCredential = [
- "rpc_secret_path:${config.clan.core.facts.services.garage.secret.garage_rpc_secret.path}"
- "admin_token_path:${config.clan.core.facts.services.garage.secret.garage_admin_token.path}"
- "metrics_token_path:${config.clan.core.facts.services.garage.secret.garage_metrics_token.path}"
+ "rpc_secret_path:${config.clan.core.vars.generators.garage-shared.files.rpc_secret.path}"
+ "admin_token_path:${config.clan.core.vars.generators.garage.files.admin_token.path}"
+ "metrics_token_path:${config.clan.core.vars.generators.garage.files.metrics_token.path}"
 ];
 Environment = [
 "GARAGE_ALLOW_WORLD_READABLE_SECRETS=true"
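Review bot: `GARAGE_ALLOW_WORLD_READABLE_SECRETS=true` stays in `Environment` with no explanation, and after this change the `rpc_secret_path` credential it covers is the `garage-shared` secret used by every instance rather than a per-machine value. That variable turns off Garage's refusal to start when a secret file is world-readable, so it is worth confirming it is still required when the files arrive through `LoadCredential`. If it is, record the reason next to it, for example `# disables garage's secret-file permission check; required because <reason to be confirmed>`. The `Environment` list continues past the end of this hunk, so other entries are not visible here.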
@@ -14,37 +14,30 @@
 ];
 };
- clan.core.facts.services.garage = {
- secret.garage_rpc_secret = { };
- secret.garage_admin_token = { };
- secret.garage_metrics_token = { };
- generator.path = [
+ clan.core.vars.generators.garage = {
+ files.admin_token = { };
+ files.metrics_token = { };
+ runtimeInputs = [
 pkgs.coreutils
 pkgs.openssl
 ];
- generator.script = ''
- openssl rand -hex -out $secrets/garage_rpc_secret 32
- openssl rand -base64 -out $secrets/garage_admin_token 32
- openssl rand -base64 -out $secrets/garage_metrics_token 32
+ script = ''
+ openssl rand -base64 -out $out/admin_token 32
+ openssl rand -base64 -out $out/metrics_token 32
 '';
 };
- # TODO: Vars is not in a useable state currently
- # Move back, once it is implemented.
- # clan.core.vars.generators.garage = {
- # files.rpc_secret = { };
- # files.admin_token = { };
- # files.metrics_token = { };
- # runtimeInputs = [
- # pkgs.coreutils
- # pkgs.openssl
- # ];
- # script = ''
- # openssl rand -hex -out $out/rpc_secret 32
- # openssl rand -base64 -out $out/admin_token 32
- # openssl rand -base64 -out $out/metrics_token 32
- # '';
- # };
+ clan.core.vars.generators.garage-shared = {
+ share = true;
+ files.rpc_secret = { };
+ runtimeInputs = [
+ pkgs.coreutils
+ pkgs.openssl
+ ];
+ script = ''
+ openssl rand -hex -out $out/rpc_secret 32
+ '';
+ };
 clan.core.state.garage.folders = [ config.services.garage.settings.metadata_dir ];
 }
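Review bot: `share = true` on `garage-shared` is not explained in the code, and going by the README line it appears to give every machine that imports this module the same `rpc_secret`. If two independent Garage clusters ever live in one clan they would then sit in a single RPC trust domain, and compromise of any one node exposes the key for all of them. A comment above the generator would make that scope explicit, e.g. `# rpc_secret is shared by all machines using this module; admin/metrics tokens stay per-machine in the garage generator`. Deployments that distributed an RPC key by hand under the old facts paths presumably get a freshly generated secret here, so a short migration note would help operators avoid a split cluster. `pkgs.coreutils` in both `runtimeInputs` lists looks unused by the scripts shown and could be dropped.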