diff --git a/.sops.yaml b/.sops.yaml index fdad7d3..c4b8201 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,13 +12,18 @@ creation_rules: key_groups: - age: - *desktop + # Desktop secrets + - path_regex: secrets/system/llama\.yaml$ # llama.cpp API key + key_groups: + - age: + - *desktop # Server secrets (cameras) - path_regex: secrets/system/cameras\.yaml$ # RTSP Feed key_groups: - age: - *server # Server secrets (searxng) - - path_regex: secrets/system/searxng\.yaml$ + - path_regex: secrets/system/searxng\.yaml$ # searxng token key_groups: - age: - *server diff --git a/secrets/system/llama.yaml b/secrets/system/llama.yaml new file mode 100644 index 0000000..84e67dc --- /dev/null +++ b/secrets/system/llama.yaml @@ -0,0 +1,16 @@ +LLAMA_API_KEY: ENC[AES256_GCM,data:J9MRO+I4P1E6+v6xvUd9fGgCsUqTjKN+nt1W2rSia+hLyS4p5z6edGJzsf0GAeLeO0wW8WXSj04lpWSgzDKIVA==,iv:teWpdiiqFEcYy+b8PqkbClzFMoItBLUiBfCViHcqWCQ=,tag:/kmmzhs/nIfICmQMdyUPfQ==,type:str] +sops: + age: + - recipient: age17ejyzyk52unr6eyaa9rpunxpmf7u9726v6sx7me3ww3mdu5xzgjqsgj9gl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeHdwYnhLTkFCWEg4c1Na + aHlGY2lGaU5DclpnLzRvK0RTaERubFBDQjNZCnZRdmF6bk1ENWFHVm9zTFJGRW5j + aTZWM0F2Z0N2S2JnOWJVRlJOL0ZHZ2sKLS0tIGtNNjRVM3pJb0dYUDhiemNxb05C + SFF2bFN6dXByZGR5a3A3NjZZYmFGR3MK3F7VqRxqK4AobeCZo0EozK9ZImNl1PGR + MSDa0Ljk5JHaxo5LXdc3bv55BH/97cmFX6HTOY/Lj9ioIHpS/f5p+g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-04-14T02:12:27Z" + mac: ENC[AES256_GCM,data:6cg659/N2U31u8KQUtRypS7oUb7JfbodrX8wkNjMhDN5cGEDL2wrFZ+51uYblBGhXwLR5Isk7XNSzzgHNsUeQZlJEY2/OUIZ5TOYmKpWUSpSQTwF08MqqNXj9qgSle5yfrvi43+743b50Eh3VExtpF0gpODwunPoBXl0L89Or00=,iv:Kr+GtbwqyElWgnf6mKc1lXPicCvkWoQj5LGy6r7jcM8=,tag:IjmHvCQo9kI5BZFghnUMwg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.12.1 diff --git a/system/machines/desktop/system.nix b/system/machines/desktop/system.nix index 7a12793..e981ab8 100644 --- a/system/machines/desktop/system.nix 
+++ b/system/machines/desktop/system.nix @@ -5,6 +5,10 @@ let (user: user.modules.user.security.gpg.enable or false) (lib.attrValues config.home-manager.users); + devEnabled = lib.any + (user: user.modules.user.utils.dev.enable or false) + (lib.attrValues config.home-manager.users); + sysModules = config.modules.system; in @@ -19,6 +23,11 @@ in "WIFI_HOME_PSK" = wifi; "WIFI_CAMS_SSID" = wifi; "WIFI_CAMS_PSK" = wifi; + } // lib.optionalAttrs devEnabled { + "LLAMA_API_KEY" = { + sopsFile = ../../../secrets/system/llama.yaml; + owner = config.user.name; + }; }; sops.templates."wifi-env".content = '' diff --git a/user/modules/utils/dev/default.nix b/user/modules/utils/dev/default.nix index 89c4809..991524b 100644 --- a/user/modules/utils/dev/default.nix +++ b/user/modules/utils/dev/default.nix @@ -30,9 +30,9 @@ in ]; programs = { - #bash = { - # initExtra = import ./config/penpot.nix; - #}; + bash = { + initExtra = "export LLAMA_API_KEY=$(cat /run/secrets/LLAMA_API_KEY)"; + }; direnv = { enable = true; enableBashIntegration = true;
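Review bot: The `LLAMA_API_KEY` secret is declared whenever any home-manager user enables the dev module (`devEnabled` uses `lib.any` over all users, in the first hunk of this file), but `owner = config.user.name` gives it to a single account. With the sops-nix default mode of 0400, any other user who enables dev would hit a permission error when their bash init reads the file. Either gate on the owning user's own setting, e.g. `devEnabled = config.home-manager.users.${config.user.name}.modules.user.utils.dev.enable or false;` (assuming `config.user.name` is a key of `home-manager.users`), or add a comment above `"LLAMA_API_KEY"` saying only the primary user is expected to read it. The enclosing `sops.secrets` attribute set starts outside the hunk.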
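Review bot: `initExtra` exports the decrypted key into every interactive bash session, so every child process started from a shell inherits it. It also runs `cat` unconditionally, which prints an error and exports an empty value on any host where the dev module is enabled but the secret is not declared (this diff declares it only in the desktop machine file). Guard and quote the read: `initExtra = ''if [ -r /run/secrets/LLAMA_API_KEY ]; then export LLAMA_API_KEY="$(< /run/secrets/LLAMA_API_KEY)"; fi'';`. If only one tool needs the key, a small wrapper that reads the file at launch keeps it out of the shell environment altogether. The path is hard-coded as well; if `osConfig` is passed to this module (its arguments are outside the hunk), `osConfig.sops.secrets."LLAMA_API_KEY".path` would follow the sops-nix configuration instead.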