diff --git a/clanModules/root-password/default.nix b/clanModules/root-password/default.nix
index 38cc9f890..9c901f30e 100644
--- a/clanModules/root-password/default.nix
+++ b/clanModules/root-password/default.nix
@@ -1,9 +1,18 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 {
   users.mutableUsers = false;
   users.users.root.hashedPasswordFile =
     config.clan.core.facts.services.root-password.secret.password-hash.path;
-  sops.secrets."${config.clan.core.machineName}-password-hash".neededForUsers = true;
+
+  sops.secrets."${config.clan.core.machineName}-password-hash".neededForUsers = lib.mkIf (
+    config.clan.core.facts.secretStore == "sops"
+  ) true;
+
   clan.core.facts.services.root-password = {
     secret.password = { };
     secret.password-hash = { };