diff --git a/hosts/hitsugibune/matrix.nix b/hosts/hitsugibune/matrix.nix index 0ebb3e5..14a8b54 100644 --- a/hosts/hitsugibune/matrix.nix +++ b/hosts/hitsugibune/matrix.nix @@ -38,6 +38,12 @@ in { owner = "mautrix-signal"; group = "mautrix-signal"; }; + age.secrets.mautrix-signal-puppeting = { + file = ../../secrets/mautrix-signal-puppeting.yaml.age; # your encrypted YAML + owner = "mautrix-signal"; + group = "mautrix-signal"; + mode = "0640"; + }; age.secrets.mautrix-whatsapp = { file = ../../secrets/mautrix-whatsapp.age; @@ -204,6 +210,9 @@ in { ]; } ]; + settings.app_service_config_files = [ + "/var/lib/mautrix-signal/double-puppeting.yaml" + ]; extraConfigFiles = [config.age.secrets.matrix.path]; settings.turn_uris = ["turn:${turn.realm}:3478?transport=udp" "turn:${turn.realm}:3478?transport=tcp"]; @@ -253,6 +262,9 @@ in { double_puppet = { allow_discovery = false; + secrets = { + "sprechtl.me" = "as_token:$DOUBLE_PUPPET_SECRET"; + }; }; provisioning = { @@ -261,6 +273,25 @@ in { }; }; + # Ensure directory + systemd.tmpfiles.settings."10-mautrix-signal" = { + "/var/lib/mautrix-signal".d = { + user = "mautrix-signal"; + group = "mautrix-signal"; + mode = "0750"; + }; + }; + + # Insert file for double puppeting + systemd.tmpfiles.settings."20-mautrix-signal-puppeting-yaml" = { + "/var/lib/mautrix-signal/double-puppeting.yaml".L = { + argument = config.age.secrets.mautrix-signal-puppeting.path; + user = "mautrix-signal"; + group = "mautrix-signal"; + mode = "0640"; + }; + }; + services.mautrix-whatsapp = { enable = true; environmentFile = config.age.secrets.mautrix-whatsapp.path; diff --git a/secrets/mautrix-signal-puppeting.yaml.age b/secrets/mautrix-signal-puppeting.yaml.age new file mode 100644 index 0000000..71877af Binary files /dev/null and b/secrets/mautrix-signal-puppeting.yaml.age differ 
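Review bot: The new `age.secrets.mautrix-signal-puppeting` entry is owned by `mautrix-signal`, but the only reader visible in this diff is Synapse, which loads the file through `app_service_config_files` in the next hunk. With `0640` and group `mautrix-signal`, Synapse can read it only if its service user is in that group, which the diff does not show. If the bridge never opens the file itself, `owner = "matrix-synapse"; mode = "0400";` (assuming Synapse runs as the default `matrix-synapse` user) would be the narrower grant. The trailing `# your encrypted YAML` reads like leftover template text; `# appservice registration for double puppeting; contains the as_token` would say what is being protected.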
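Review bot: Synapse is pointed at `/var/lib/mautrix-signal/double-puppeting.yaml`, a path inside a directory that the tmpfiles rule in the last hunk of this file hands to the `mautrix-signal` user. Anything running as the bridge account could therefore replace that symlink, and Synapse would presumably load whatever registration it finds there on its next start, so the homeserver's trust in this file is only as strong as the bridge's state directory. Referencing the decrypted secret directly, `settings.app_service_config_files = [config.age.secrets.mautrix-signal-puppeting.path];`, removes the indirection and makes both `systemd.tmpfiles.settings` blocks unnecessary. If the symlink stays, note that tmpfiles, as far as I know, ignores `mode` on `L` lines and does not replace an existing path, so the `0640` there has no effect and a stale file would be kept.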
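Review bot: The `secrets` value under `double_puppet` only works if `$DOUBLE_PUPPET_SECRET` is substituted before the bridge reads its config, and nothing in this hunk says where the variable is defined. The changed `secrets/mautrix-signal.age` suggests it was added to the bridge's environment file, but the binary diff cannot confirm that. An unset variable would presumably leave an empty or literal token, which would surface only when a double-puppet login fails. A comment such as `# DOUBLE_PUPPET_SECRET comes from the bridge's environment file and must match as_token in the double-puppeting registration` would document the coupling. The attribute set being edited starts and ends outside the hunk.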
diff --git a/secrets/mautrix-signal.age b/secrets/mautrix-signal.age index 930c497..20e44bf 100644 Binary files a/secrets/mautrix-signal.age and b/secrets/mautrix-signal.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6b3cbb5..310ff47 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -13,6 +13,7 @@ in { "homarr.age".publicKeys = [saberofxebec key]; "matrix.age".publicKeys = [hitsugibune key]; "mautrix-signal.age".publicKeys = [hitsugibune key]; + "mautrix-signal-puppeting.yaml.age".publicKeys = [hitsugibune key]; "mautrix-whatsapp.age".publicKeys = [hitsugibune key]; "coturn.age".publicKeys = [hitsugibune key]; "mail-admin.age".publicKeys = [hitsugibune key];