diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..0aa38ce --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,5 @@ +creation_rules: + - pgp: >- + 6B61ECD76088748C70590D55E90A401336C8AAA9, + 88823A75ECAA786B0FF38B148E401478A3FBEF72, + 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA diff --git a/Makefile b/Makefile index d7f3892..b6344a0 100644 --- a/Makefile +++ b/Makefile @@ -11,16 +11,6 @@ KEYS := \ 88823A75ECAA786B0FF38B148E401478A3FBEF72 \ 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA -SKIP_SECRETS= -ifeq ("$(wildcard $(CACHE_DIR)/secrets/$(ENVIRONMENT).env)$(SKIP_SECRETS)","") - noop=$(shell \ - $(MAKE) SKIP_SECRETS=1 $(CACHE_DIR)/secrets/$(ENVIRONMENT).env \ - ) -endif - -include $(CACHE_DIR)/secrets/$(ENVIRONMENT).env -export $(shell sed 's/=.*//' $(CACHE_DIR)/secrets/$(ENVIRONMENT).env 2>/dev/null) - .DEFAULT_GOAL := .PHONY: default default: \ @@ -96,10 +86,6 @@ apply: \ $(CACHE_DIR)/secrets: mkdir -p $@ -$(CACHE_DIR)/secrets/%.env: secrets/%.env.gpg $(CACHE_DIR)/secrets - @echo "Decrypting $@" - gpg --decrypt $< 2>/dev/null > $@ - $(FETCH_DIR)/terraform: $(call git_clone,$@,$(TERRAFORM_REPO),$(TERRAFORM_REF)) diff --git a/README.md b/README.md index 2082866..f1c4048 100644 --- a/README.md +++ b/README.md @@ -10,5 +10,6 @@ For the purpose of transparency, we include our infrastructure configuration rig ## Usage ```shell +$ sops exec-env secrets/production.enc.env $(getent passwd $UID | cut -d: -f7) $ make ``` diff --git a/secrets/production.enc.env b/secrets/production.enc.env new file mode 100644 index 0000000..26f6a47 --- /dev/null +++ b/secrets/production.enc.env 
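Review bot: The fingerprints listed under `creation_rules` in the new `.sops.yaml` duplicate recipients that the Makefile still carries in `KEYS :=` (two of them are visible in that hunk's context lines), and nothing in the file says the two lists must stay in step. A header comment would cover it, for example `# Recipients must match KEYS in the Makefile; after editing this list run "sops updatekeys" on each encrypted file, and rotate the secrets themselves if a key was removed.` Creation rules apply only when a file is first encrypted, so dropping a fingerprint here does not revoke access to `secrets/production.enc.env` as already committed, and the old ciphertext stays in git history. The rule also has no `path_regex`, so it applies to every file sops creates in this repository; if that is intended, the comment can say so.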
@@ -0,0 +1,18 @@ +DIGITALOCEAN_TOKEN=ENC[AES256_GCM,data:WB696UuIGYsH49/vf50qnr0Jc9BlyyOwI2Ro366uTnk+PV2zSoJ5/5dwK7rx5eV+KtEFSRlI77YNSGQQu7Vi2o8/oww0ZKo=,iv:6ajnqWcjni8t2pdgHIu4geakmCWZbJQXI4pTsNcDPPE=,tag:rPMz0mdYDoEfAHHFOIutDw==,type:str] +SPACES_ACCESS_KEY_ID=ENC[AES256_GCM,data:XWbMVgfsw53lrt8n7xVV7N21JrM=,iv:ixIFlfbuf9TnXpq3gb1KT2rSFRhA1Dw6WeMkC7MA6BE=,tag:71WVRoEsoWhmYJDNWQR8bg==,type:str] +SPACES_SECRET_ACCESS_KEY=ENC[AES256_GCM,data:ZlaVEP1aLPwExen8oNGopPvDMEAEH4dRAlXfc4X+UjB9nHbK9GLmByjkYA==,iv:KXvkAliD7fpdlqRPAiVlugFZiOnjs5EcHhSMGJ/EWLI=,tag:uxU9aejIFjzX4d7mAQP7tA==,type:str] +AWS_ACCESS_KEY_ID=ENC[AES256_GCM,data:ybxNIT8vIOnmMuWA1OXUKsQO+AA=,iv:ccKucwel6s3Kttmw/c/3n5adWZV7+KOoRq/3w5IQUQU=,tag:wgK/+O9PcngtasX4UNi0tA==,type:str] +AWS_SECRET_ACCESS_KEY=ENC[AES256_GCM,data:DSLjIaOMvNTh4MhBylu2aBtdBz4r8t7jRhUAgq5tjDJdJaW9bqy72FhXLA==,iv:3c69ee8EjPjcFBTW17zPzO5qFosn925W2BMe97d0wxU=,tag:43vbnMuvCakc79CXgc+yiw==,type:str] +sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nwcFMA82rPM2mSf/aARAApVrdXQTlzUPWxFcFLcI3jy2mrgcw4hrSdCH4FsVlDUQz\ngUQUoZUU83CFdczUEcVjotS33XBuQhaS5eKa6E6BXZv89FqxphHbpCuhrwhGrV0A\n1zJbwZGvnwJl71Pj6wjgE+zCzyVw29zAxVPD3xe9OowJk1/eHmxfOqZWaJpYxcJt\nOn8V+oP8wTPlQnskpGlJqZngfWyCVH9dL+kxPFRR+dHOUgsRI4NSsIIvjIbCMfNy\nuzXZseJk7gMcwBUyRotX6teDILcOBOWHRlDqdfzy14jklB0nv9vFIEaWBrs1Gl9/\n447JQuZuMcMSZ1V65ty9OkVQj0ypcmbk+xrei/rtQYRAI3qrwEHdnbASBkLAS4MD\nxt1BnQDmCTT+gqd2CkVWg+PL7zghGjM9MjAop0eSi9C1ynlDLxJFjMtQtwHlOOGc\nb3Utt3laECLKK0nzrFIOHR3lGPwcUXynfrCOD8PVd6wnU+HkEawtVoe0toz9EJrA\nkm4eO073p1bBRa2aq4/2/zd2r4ku/qYn34FGikoMrrfkJ4twtVj6fvMuXRHLsAch\ntS2MnZ2ovWBPRqKbpJTjTQQlYpERk9aSbnt4oo1vSCC+H17kVNEDgSt5+AWy/PN8\n/5pzIzTMZPan/8dBHqCIvCjw0FBlAUhQZbPm8qnbBa091CIwguttKGz/8NWc8fHS\n5gGHypqmuYRvGNOgFYAx2mR61sMUpAe8NXZGiSirToJpOfVCOFXqBwqJzk6AOoZJ\nbXBziIr+uTumfRter7jB+hrkJwUII8L8edT1Oc6pmX+KROJg60AfAA==\n=Epd+\n-----END PGP MESSAGE----- +sops_pgp__list_0__map_created_at=2023-05-05T04:43:42Z +sops_pgp__list_2__map_created_at=2023-05-05T04:43:42Z 
+sops_pgp__list_0__map_fp=6B61ECD76088748C70590D55E90A401336C8AAA9 +sops_pgp__list_1__map_enc=-----BEGIN PGP MESSAGE-----\n\nwcFMAw95Vf08z8oUARAApEd+PAv0sLz4jXqsK8chDqEYN2A2d+Bf8ZZcmqDnDrNR\nyKASwn8CftinXbafOLa2MJGUXMvKwNsYs+WYTUOcuVC38xWfURImJ4FCe/gATGg3\nZraGKfWltYBf4ifs+WE25w23w1sBjPXm3u5Qi8kdBkRFqygkHDcl5NG4zSftfOpF\nfQfxttsvqo1DadqOT6TcLfKIr1thPiasabXIAVHaavQTmcJC0t6cNSKIzCXcR4om\nM5Ujxyns0XyYcqLvoMEdrYDOG2X2jugsyPTfuN7rQQarqqNI6EMqBtq9YF+WUWnS\nnJuFX5Pw6aGrx9huZxcJMZcEGO0fevwI55Xrbj1H4JwEOP7cTT6siW3SEpkNyOTH\n+NrCHA/AWqTGeffejpdC3mDg+Nyks++aTJBolDZZsb/PZEz6+fUvlnmrQYckW0yY\nw/rLFafY2/6tO5OS3N6CJQUKCgeFRN7jbizLT6i5jHv7dvRulCPq5NpEDhJSAiqN\npfWKvhb7ZHWK4tvH519Z6gfOzyHK6PH8YFgssO0yrjO9XP+GIfLupVFZ+Y7VEyFx\nUnYNrecBEMg+tdJlnoJJ28QQWuGeKDlaNlwkmm5ALKodjcduoYp0IeYh68rpVLDV\nUBRKBSHg2yenkzlAsuotZH65N6ekWCERzEDDRF2elhPtEPaAQpn7MIU7OHN1vALS\n5gHzveOkQo09D32bkepp97kGGhPcUKT+CKjC89Rd9FIPPkZ/0t3RWbOhFsc3+bky\n+NZBC4pXzYlJ6nOjvGVKOqjkVRZAw7HjiDlZZiAU+j5lwuJeXgbnAA==\n=ic+S\n-----END PGP MESSAGE----- +sops_pgp__list_1__map_created_at=2023-05-05T04:43:42Z +sops_pgp__list_2__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4Dr/MjkOzuuRESAQdAIJZ5kKqyllezD+VwLZyUpNcv0jw1aEYLWkJWY7xroT0w\nA7WZiUwYwve5UEoRfMGpAPwFo9qwz0NvteO4UtkzRwz0mrqfjHu8cxaOMyhqyWpF\n0lwBeWjEcHvIPsJzCuS2v7dCcxaIHYOistpQn5Xyd699cX/qD4vmulDkrBOSYRZ1\nxiEKMyBd0mSSm/l/jxeGoHzse2FXPLGTyOSR4AUnkvr7iGKFLgCmsdwAS42xoQ==\n=bNSh\n-----END PGP MESSAGE-----\n +sops_pgp__list_2__map_fp=3D7C8D39E8C4DF771583D3F0A8A091FD346001CA +sops_unencrypted_suffix=_unencrypted +sops_mac=ENC[AES256_GCM,data:2pvRhmNz7F/Ge/rPHz9WjHxmpx83TNT4ohBJiRVmjex27E1WEj+GGoAi+ESyGq/J+snQOE5GeVaq6osrGGkYHpX5WvuNBEzfBsVv8q7dy+i+OmDXtZTQ8AFqM/UjdKiSg63YvGqz3f6X4jqCp1N6TyDThLWNJR2OSghgcWwV1kg=,iv:XubIj6mwdpgTHCdabroQo7vatgW3KmK1woQMK6cjiG4=,tag:wlyEzJ6TbZfl8DDb7njQsg==,type:str] +sops_version=3.7.2 +sops_lastmodified=2023-05-05T04:52:38Z +sops_pgp__list_1__map_fp=88823A75ECAA786B0FF38B148E401478A3FBEF72 
diff --git a/secrets/production.env.gpg b/secrets/production.env.gpg
deleted file mode 100644
index b4dadaa..0000000
--- a/secrets/production.env.gpg
+++ /dev/null
@@ -1,45 +0,0 @@ ------BEGIN PGP MESSAGE----- - -hQIMAw95Vf08z8oUARAAzjif6oh8WTK7rZTojErFvexZUTdA8ur+n5+jOASFaDi2 -404gYSFJlT2FN/72kWCLlggaDjG71vrth/alLjhLgnpGj5R3S7GANyu9exrqp4In -oS8hzFfqsYe7L+tBvdc2XxPgUvSxIKPC1/vrBKpCEiDaJwgGAINnvfbrUQHZktdF -jAFgc46FgZb86uUXsjvrzJ84+yd8ycD0laHgiPTYtt537/qcbFUUThE6olPl5pdr -T5Hf2Z6D+1JnDw659sBoge6rUK7eHIsEttGJgZvOEJo+yk54qzMf2IPEZASFDzF8 -1r8PwQmPtrljfgYC1PhgQjCp2NBu3gPxQtihB+UNZbgUZBQHwBUSC4yH3HovzLvZ -NG8fj+E/RqsBwh+I1dDe94u1dmniFIAmYv+lnH2R+nn7c/iNy9FvmVR7mVWTqmlk -WRzS7ktGICZs4Xw/evDalbGvj2ibR9chGlmOZQpRx/TtQWSh4wbX8LQOInKEAQx/ -T4IfyLtlspXEaSH0rMs9+0bCXXCgZs0vzdKgM3I2oap1e3/xH58P5cGQtUeOLJqg -xDbRH1cigMCYXxGyszcTzD45YofSQrBHtupA7xrejmswxaqifpnxCmsXvp1uNMOU -thnPtEEiOv2KdQmD+0pq2dVB4TBJ+00vutfMSiSkNxhzmmWm6RskNf69pXQqptOF -AgwDzas8zaZJ/9oBEACcqi1jzsYbQcqX2I1lTl14gwE7WGUTxOHpnHUrsV613JZr -bZKFnrGmTAl+TQAOpg2ypmomwm2e6iYY9zaHiz5PtvYJQGz7RUyBfi3PBUJnOZZg -6xDI4/9X1Yp7FNowI3NrCxickmUhAPz6cgKFxMFukebkeE78o9mvmWOU9QU2UrXm -X+AKwSCbntpsEJWIUJhIPnl/SZlg4tFUdrVo9sPHiTTp8B3hKZautQr7byzF5HAu -lDSsPZJErf0HKftkymiPkd+jTEUjj6X5UU9UND2mzkOdQXMn/bBEhbNgZ6VHBkfj -pKTcdCwulsIMt3dxV+yz+yuSLG+2qe0dDGJhf85smd2TqsBNep6DJgTv8eqt5WaK -3MsqbRAC84XOWm3aEpETzWT0bmYeMkSssDHkbQIcI/mJ7uVpjNOzkxa+aUaQfxq9 -jUwwcbYOfdiB2vifUHwJ/H1KcYESQsYW+ELXM+rGn3ROk+RYc4lxlAUNtjclOHj9 -og0XCKsv1XVgGKg97FnxrWuEiar0OTgXkpG4pLZfJn6JuNBmEwCG7GPy/cSJg0GJ -jDjiO3E1ZBzWFcXEn65llg4qlYtGAg1lrA6HHG+gBzXpancBv97DWkjZSQbJ6VPF -i81L+K0BjehGcUOA6iZKOWu1rpXjMGADpD90tNknAj8pgU8QGJaj6yC3AHpxvYRe -A6/zI5Ds7rkREgEHQPldmYvPi0+AODArJA3/yxWVLVbIQgZAxMsUHlDiuzhxMNks -Pt/nKodBy7b6T3Qv+hll2RADjwts2BX2rCPvTBE2zpc3tr6tg+h8e+Vz4wHzfIUC -DAOVn/hcifsxSQEP/0ME8yhCf7aV/KNH9kkrreA+7xJc9RDIspyZ7PFESxfZmVvL -o+gi3NhkfgOwzROR6VDLIUrBFdEhtHSeoFf5N0UvoGApSa/FZdf/LpfKnUbOgAER -zkgTyfC8pRCVAzwzfy+LeoinEV9OH22ZyedrG50pxrYbS1OkvRUK2Fe6uKI6Kz2O -bEcHx5fen5GPo3m11xcGAu4JHRV0E6zkiscfoZ5C+oplLtk9hho8LGs+KSR1HS3X -Ay/LdnQtiQSSiUPZebHKo2dC0gmWr9RvDI9mz2jzSsJgbEVqDq6XZkGQRna44kC8 
-EFl7mzp08X9QINh8XdnNcwUSMkibq32NqwqW3d7CkIA+BrSPFlmWidohyVtglCZX -fFfSVLi8gcgP1EQ23aGBkFuhNtMovwqhNYTmMNRknNmZkZcsfzAg4vWXRcum5zZR -gDQGyAQiPbeMRm7hNjpu0oVlGp6eT3cjqmwRCxXj7EmxokCMiQ86OXtMRMU7efrl -tc64xnbknDe/hP0mKXhglWR4wwF6iLRRtOEqk2uPPa3xJSB7wrax7ekSJlwOfnjY -CRWMMNCTPJrgoTDuGIGGoTPxOGkER583ruYzcl/TtNluxD6KUeacBLL7DRy4wUBi -yRMWVykGWJY30ySaBYLvrpgqpSCVly62m45/dR/AEvM9Pk8UJGlhs3lFqVrx0sA0 -AQVImQi9nkGi9R6zuruVY2eM3ag+jwGsEMky1nSLjwJz6hcJNcotRtbAJYStXvta -QS4b+l0vJX65BIc45/BhpfSl4qpswweOstV9FPAbUiPVsCme2rYX6KaFGHzpz4eM -qSPmF270XsXTHO8QPL/W87q98Ve8iLJd2BCjsPqTru8RtjT5zWkDazdwfCHbnoG0 -rkvI9TdWuZj5+XDVBPyW7KiMGtUp4BJFFMOcRiJPx+oipW3knJbhz9dmD5xN+J08 -kc0K3uTgEalfkDtdoHtQKFeYcaq0PUUilCZr3NDYCeF34JAImXfcckdvHihi9Q0l -hiECWQ== -=2Gks ------END PGP MESSAGE-----