diff --git a/common/server/mailserver.nix b/common/server/mailserver.nix
index b58cc9d..319c0bf 100644
--- a/common/server/mailserver.nix
+++ b/common/server/mailserver.nix
@@ -43,7 +43,7 @@ in
             "robot@neet.dev"
           ];
           sendOnly = true;
-          hashedPassword = "$2b$05$hkmwXGJSKuG/1.SmLecWSuzlq1F5pjp2ScoipQoVLR0ssSN5MgRs.";
+          hashedPasswordFile = "/run/agenix/hashed-robots-email-pw";
         };
       };
       rejectRecipients = [
@@ -55,6 +55,7 @@ in
       certificateScheme = 3; # use let's encrypt for certs
     };
     age.secrets.email-pw.file = ../../secrets/email-pw.age;
+    age.secrets.hashed-robots-email-pw.file = ../../secrets/hashed-robots-email-pw.age;
 
     # sendmail to use xxx@domain instead of xxx@mail.domain
     services.postfix.origin = "$mydomain";
diff --git a/secrets/hashed-robots-email-pw.age b/secrets/hashed-robots-email-pw.age
new file mode 100644
index 0000000..0044c18
Binary files /dev/null and b/secrets/hashed-robots-email-pw.age differ
diff --git a/secrets/robots-email-pw.age b/secrets/robots-email-pw.age
index ff9a725..9935f57 100644
Binary files a/secrets/robots-email-pw.age and b/secrets/robots-email-pw.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 33f40c3..344c0cf 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -15,6 +15,7 @@ in
   # email
   "email-pw.age".publicKeys = all;
   "sasl_relay_passwd.age".publicKeys = all;
+  "hashed-robots-email-pw.age".publicKeys = all;
   "robots-email-pw.age".publicKeys = all;
 
   # vpn