diff --git a/.sops.yaml b/.sops.yaml
index b6181487..249cc56f 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,9 +1,6 @@
-# This example uses YAML anchors which allows reuse of multiple keys
-# without having to repeat yourself.
-# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
-# for a more complex example.
 keys:
 - &foureighty-source age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
+ - &foureighty-target age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
 - &skinnyv-source age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
 - &skinnyv-target age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
 - &bolty age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
@@ -12,6 +9,7 @@ creation_rules:
 key_groups:
 - age:
 - *foureighty-source
+ - *foureighty-target
 - *skinnyv-source
 - *skinnyv-target
 - *bolty
diff --git a/README.md b/README.md
index ed0f8ed7..478b1969 100644
--- a/README.md
+++ b/README.md
@@ -147,7 +147,10 @@ nixos-install --flake '.#'
 ssh-keygen -t ed25519
 mkdir -p ~/.config/sops/age/
 ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt
-age-keygen -y ~/.config/sops/age/keys.txt #add result to .sops.yaml
+age-keygen -y ~/.config/sops/age/keys.txt #add result to .sops.yaml as a 'source' key
+# add machine's age public key from /var/lib/sops-nix/key.txt to .sops.yaml as a target key
+sops --add-age [source-age-key] -i -r ./nixos/i3/openweathermap.sops.yaml
+sops --add-age [target-age-key] -i -r ./nixos/i3/openweathermap.sops.yaml
 # syncthing
 # vault
 # firefox sync
diff --git a/nixos/i3/openweathermap.sops.yaml b/nixos/i3/openweathermap.sops.yaml
index fe928b88..ce4a073f 100644
--- a/nixos/i3/openweathermap.sops.yaml
+++ b/nixos/i3/openweathermap.sops.yaml
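Review bot: After the first `.sops.yaml` hunk the `keys:` list carries no comment at all, and nothing in the file says what the `-source` and `-target` suffixes mean. The README hunk in this commit implies that a source key is the user's key derived with ssh-to-age and a target key is the machine's key from /var/lib/sops-nix/key.txt. A one-line comment above `keys:` would record that, for example `# *-source: user key (ssh-to-age); *-target: host key from /var/lib/sops-nix/key.txt`. Every recipient in the group can decrypt the secrets the rule covers, so a reader should be able to tell which person or machine each anchor stands for.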
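Review bot: Adding `*foureighty-target` to the `age` key group in the second `.sops.yaml` hunk only changes the recipients of files that sops creates or re-keys afterwards; files that are already encrypted keep their old recipient list. This commit re-keys `nixos/i3/openweathermap.sops.yaml` by hand with `--add-age`, but any other encrypted file in the repository (none is visible in this diff) would still fail to decrypt on the new host. Running `sops updatekeys <file>` on each encrypted file keeps its recipients in step with `.sops.yaml` without repeating keys on the command line. The start of the `creation_rules` entry lies outside the hunk, so which paths the rule matches is not visible here.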
@@ -1,4 +1,4 @@ -openweathermap-api-key: ENC[AES256_GCM,data:6qCm3Oivna89wAi0slA0MEizKBf6BXxU8ISzFXuMM4s=,iv:8SKcOQQBqF6gA8xs+RzlRG4GscrLgm4MyOoKZH7AxhU=,tag:0ZDKZjxrlHbT0QmmfEq60w==,type:str] +openweathermap-api-key: ENC[AES256_GCM,data:8JXRYvBjy8/aDPcU8vpEObkewvf83gBFasoVOz1bUS8=,iv:8SKcOQQBqF6gA8xs+RzlRG4GscrLgm4MyOoKZH7AxhU=,tag:KNBGy1vS1fgOBMSAXkl8JQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -8,41 +8,50 @@ sops: - recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRnN6MGltbUd4NlFnYits - emtkVCtkR2M5OXEvNUJxLzU0ME1IdHhCaW00Ck9YS0owTDc5a1pHL0F1THRoWmZ3 - cVVSQ3lGczB0Z0NqQjJoMVJ5bXRlbjgKLS0tIDljdWdlRk1GWUVpVGFyN0tsQno0 - NzN4VkVZbUZwd3ZOQjB5S2dpVUJacGcKnkxIl7U0wfZtEbj3drdcVuSpMwk+CJxz - bqMjyP3kzLkqcIfG7xJgk40SURrETrpPyXEst2j4cvKKna6qXjzq1Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMm1vQjZQSU9nQzFHeWFN + QTYvU29sdWpkTi9BVUdONTZ5SWRFYUVidzNjCnlVelc2RXFuamxvc25FRGFERjhn + R2ZYTFBxT3hJbDh0Sk9PRUlpbmRReW8KLS0tIEd6Z2lCWUplck1nWjQrYWR4U3pn + QStKR0RnOW13RmRZZlVPN1EvaFVPQkUK6YFw7ej/dIw99Z3oaInuJVKEadhTvEvQ + Hc617o4lBNAzOgVJBsRpf9BLNDpr0oO285xLWB8jEFlCkymTPfrn+A== -----END AGE ENCRYPTED FILE----- - recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcG0zNTNOc1NadzAxWllr - Y1JwNmNOMXVvY1UrZGw1MmVuekJqZFdOaHhJCm1heVU4WnFOWm9HZVN4SWFJZ0tX - L3BtN1VXdWlJT2xXd0RTWDhMMVFqL1UKLS0tIE5aeERGZWxONE5kZUdGRE80L0lY - WkEwNkVNTDdYSGpDU0ZvZXc4WmlYYVEKvgW8cJrQBr1JLOUOgLzkrY0VuTqKpGr2 - zgbfv3pkFyMrvIWPdhQYiD1YUXjS+O3DkYuQtQxGrnRGG3DUKu383A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeGFpYzdUajJuZTUwZitp + WDdaVTF5d2xyYVgyeU4veS9udlRMa3BlTnpFCkZmNWg0clNMUjQ0TEVLcTBKeTMv + R0d2Tkk1Q3RxWHJsR0M4bzE3RlJMOEkKLS0tIEt3b255Sk5MZjhCQU5CSE5tcDls + S0ZoNlg4V1ZvSEFweVNMMmx2RFdCWVEKk3ADVZWiH66aA+gcwbFKnESx89R4x373 + Mny0e9ZiWrSH8FU0/Ya+f8UWfA/c3NFvVz9uv5QO7g6/4re9aglvxA== -----END AGE ENCRYPTED FILE----- - recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVTJaOUlQK3RmRDU3V0l1 - YldSTlFiem1HRlZoc052ampLM25VUVJDWjNJCk1qVzJBV1JlbW5ybEZFN3Bzaksw - WVJFUW8wMkFJSXBJcGdPS0tSNkV3MTgKLS0tIDJZaHlRdHlRcm8rSVVCYnVMMDJx - 
aWY3MVhIb0t6Q1FGeTBxemQ2SUtZZVUKfBEeR4/UQXJbcvFgtipXkQ3HgoJDjL/d - YHUPLFM5MDcUg9mM0GvNCL/15DnyfuM6XH1iDgabOTp+C2TjIUGucQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTa3kwcHdwTit6Njc3N3pM + NEtRTFAwL0UrbWFZMHF1dGhOMDMyeCtIZERvCjZXbEcxWEtBRUZ1bmlkbkpYdW1M + ZzlRUVE3azVpZ1VCVHZuK1RwMGlxOU0KLS0tICtmRnRMVlpIeE92bFU0STUvT1Bm + Z1dnbEFvQmNJTU9Db0tYY1RQa0V3eTgKrA90cWE0zGpIsnHiweBmKZKdO4y1axz9 + gnWvz5ViEkLgwP7TQhykcRq9B4Op3qdEoVBqHmJ996tlzxYrRrirTQ== -----END AGE ENCRYPTED FILE----- - recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZElNRmJxUlhUNUtSR1g1 - MzhzRFZCZ0RJNzZtc0ZrelFRcTJSYno1b0c4CjNRQUFQZDJHQUhWbFpqbnpDVVNQ - a2pDZGhqU3NhcEtzUEQ2KzVSVzlXYkkKLS0tIGRXY3ZyZmhiRXY2TmpTNXVtaFN6 - TVduYWNXSndRYWpHY091d1FrdDhJQW8KbH4UTeaQP1YcvN4z0MNoer9hjeycrQPT - +cZPCsofN00OnToEn32YwxT04ocdkFig0tSZlacg2IjvMRVQMeq/Yw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQVRoM0Z2RVExVHVQR0xN + OG82VGxtbmIxSGd3bHRLNmt5dHZtanRMRmkwCmJ1NS9VZjZOR2o1RVlvNUtZODQ1 + amt1ZTBCOUFaVlVlQXdpUkg1dEM3aVUKLS0tIFlXM09ZRk1xR09adUxKVHozWWJU + alU5MFJjQkN0d3dNZ3VpcElsQnRURGMKBKo78lEy3t9vgPX/j0euYwC0OJlFPRt4 + +nmyJg88eMdcBY+vNqNCKQ4/61AxtLTH4qH0QS5vSf2Syy8mh5Tbwg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-16T07:48:28Z" - mac: ENC[AES256_GCM,data:nizqT2X5lqnh/afvUhBimmSN0pw+nzbdVcjrrGaqEKCQ2D7RRZGax+RCLbTld5NXjcFkHzbEA447WtGgaTvAX0tTypA8wYpFnL306hAdQueELl/fqf/fXWVGkCnP5OoU4gb8soV1vxPvN8LkY3+uh82DXfI6QHrA/SneP1qP4yg=,iv:DPbqcBmTWOTzTVF6wZffNeZvQBdG9Q2BCFhHXK1ZCjM=,tag:8vsszQbQCzNqDxAwpdwj+g==,type:str] + - recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqb1ZCdTJjTW5iU3BEQnJa + d2VLaHJlbUNiV1VJTHhZTDJXVlhhTDhQYzN3CkhjUjhUU1ZpcTR1VnBrK0o5R2ww + bldFUmUzTWRIN1NxZ2ZtRW5DU0czMG8KLS0tIFI4VUg5NnFwMkthT2UxQTNET3V0 + 
OGYyNlQzcC9ybWdVd1N3UGxEVVhMS2MKe+MC46XDCSVQfOVXLmIRGppGs30tBicH + m96+2FgWOovJzFrgAMychYzkunQI6D8APE5jSU2apyzkwwxDAkS84A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-07-16T08:32:27Z" + mac: ENC[AES256_GCM,data:0SWCpWsvMlWHFFjEQK5UCld3qnURz8G+2Qj4HXRQY8dH8M5qscjzHxk8hausPppzVjiYpemyYDZ9IdDAqVtijhYjmuFdM6FvLrvVoNo4C7z8RadhxZkqJ0IZBUrMOyrK9pDssC/+LOljgKSv9RZwNIvb1QCyyezPQj5QLmUZipo=,iv:CEn3rZDKJG6/a6MuZReEytPy89S73nt3rnSDHHubghA=,tag:qn4COe6Wbv67UynhIpsALg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3