diff --git a/common/global/sops.nix b/common/global/sops.nix
index 8560b89..ba0d2b6 100644
--- a/common/global/sops.nix
+++ b/common/global/sops.nix
@@ -1,5 +1,10 @@
 {
   sops = {
     defaultSopsFile = ./../../secrets/secrets.yaml;
+    # sometimes the impermanence bind mount is stopped when sops needs these
+    age.sshKeyPaths = [
+      "/persist/etc/ssh/ssh_host_ed25519_key"
+      "/persist/etc/ssh/ssh_host_rsa_key"
+    ];
   };
 }