diff --git a/modules/age-secrets.nix b/modules/age-secrets.nix
index b38ba82..4f65d20 100644
--- a/modules/age-secrets.nix
+++ b/modules/age-secrets.nix
@@ -168,6 +168,15 @@
       group = "gitea-runner";
     };
 
+    # Git-crypt symmetric key for the new unified nixos repo (Phase 5 of the unify migration).
+    # Added additively here so muffin can decrypt nixos's secrets once Phase 6 cuts CI over.
+    git-crypt-key-nixos = {
+      file = ../secrets/git-crypt-key-nixos.age;
+      mode = "0400";
+      owner = "gitea-runner";
+      group = "gitea-runner";
+    };
+
     # Gitea Actions runner registration token
     gitea-runner-token = {
       file = ../secrets/gitea-runner-token.age;
diff --git a/secrets/git-crypt-key-nixos.age b/secrets/git-crypt-key-nixos.age
new file mode 100644
index 0000000..4dee922
Binary files /dev/null and b/secrets/git-crypt-key-nixos.age differ