diff --git a/hosts/pluto/services/gitlab.nix b/hosts/pluto/services/gitlab.nix
index e9e0d62..421b528 100644
--- a/hosts/pluto/services/gitlab.nix
+++ b/hosts/pluto/services/gitlab.nix
@@ -4,13 +4,35 @@
   ...
 }: let
   sec = config.age.secrets;
+  user = config.services.gitlab.user;
+  group = config.services.gitlab.group;
 in {
   age.secrets = {
-    gitlab_db.file = ../../../sec/gitlab_db.age;
-    gitlab_initpw.file = ../../../sec/gitlab_initpw.age;
-    gitlab_otp.file = ../../../sec/gitlab_otp.age;
-    gitlab_pw.file = ../../../sec/gitlab_pw.age;
-    gitlab_sec.file = ../../../sec/gitlab_sec.age;
+    gitlab_db = {
+      file = ../../../sec/gitlab_db.age;
+      owner = user;
+      group = group;
+    };
+    gitlab_initpw = {
+      file = ../../../sec/gitlab_initpw.age;
+      owner = user;
+      group = group;
+    };
+    gitlab_otp = {
+      file = ../../../sec/gitlab_otp.age;
+      owner = user;
+      group = group;
+    };
+    gitlab_pw = {
+      file = ../../../sec/gitlab_pw.age;
+      owner = user;
+      group = group;
+    };
+    gitlab_sec = {
+      file = ../../../sec/gitlab_sec.age;
+      owner = user;
+      group = group;
+    };
   };
 
   services.gitlab = {