diff --git a/hosts/plover/default.nix b/hosts/plover/default.nix index 3e2dc82a..d395c4ae 100644 --- a/hosts/plover/default.nix +++ b/hosts/plover/default.nix @@ -85,8 +85,9 @@ in "gitea/db/password".owner = giteaUserGroup; "gitea/smtp/password".owner = giteaUserGroup; "vaultwarden/env".owner = vaultwardenUserGroup; - "borg/patterns/keys" = { }; - "borg/password" = { }; + "borg/repos/host/patterns/keys" = { }; + "borg/repos/host/password" = { }; + "borg/repos/services/password" = { }; "borg/ssh-key" = { }; "keycloak/db/password".owner = postgresUserGroup; }; @@ -486,14 +487,14 @@ in # production system. However, we're not professionals so we do have backups. services.borgbackup.jobs = let - jobCommonSettings = { patternFiles ? [ ], patterns ? [ ], paths ? [ ], repo }: { + jobCommonSettings = { patternFiles ? [ ], patterns ? [ ], paths ? [ ], repo, passCommand }: { inherit paths repo; compression = "zstd,11"; dateFormat = "+%F-%H-%M-%S-%z"; doInit = true; encryption = { + inherit passCommand; mode = "repokey-blake2"; - passCommand = "cat ${config.sops.secrets."plover/borg/password".path}"; }; extraCreateArgs = let @@ -528,9 +529,10 @@ in # acceptable for it to be backed up monthly. host-backup = jobCommonSettings { patternFiles = [ - config.sops.secrets."plover/borg/patterns/keys".path + config.sops.secrets."plover/borg/repos/host/patterns/keys".path ]; repo = borgRepo "host"; + passCommand = "cat ${config.sops.secrets."plover/borg/repos/host/password".path}"; }; # Backups for various services. @@ -547,6 +549,7 @@ in config.services.postgresqlBackup.location ]; repo = borgRepo "services"; + passCommand = "cat ${config.sops.secrets."plover/borg/repos/services/password".path}"; } // { startAt = "weekly"; }; }; diff --git a/hosts/plover/secrets/secrets.yaml b/hosts/plover/secrets/secrets.yaml index 2d22b5e3..e50fd4b0 100644 --- a/hosts/plover/secrets/secrets.yaml +++ b/hosts/plover/secrets/secrets.yaml 
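Review bot: `passCommand` is added to `jobCommonSettings` as a required argument with no default, so every call site must now supply it — the two visible callers in the later hunks do, but any other use of the helper outside this diff would fail at evaluation with a missing-argument error. Keeping it required is the safer choice here, because a default would silently fall back to one shared passphrase again; I would record that intent with a comment above the signature, `# passCommand is required on purpose: each repo has its own sops secret, never a shared default`. Both callers also build the same `cat ${config.sops.secrets."plover/borg/repos/<name>/password".path}` string by hand; a one-line helper in this `let`, `passCommandFor = name: "cat ${config.sops.secrets."plover/borg/repos/${name}/password".path}";`, would keep the secret-path scheme in one place and let the jobs pass `passCommand = passCommandFor "host";`. The body of `jobCommonSettings` continues past the end of the hunk (`extraCreateArgs = let`).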
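Review bot: The host job now reads its passphrase from `plover/borg/repos/host/password` instead of the old shared `plover/borg/password`, but with `mode = "repokey-blake2"` the repository key is stored inside the repo encrypted under the passphrase it was initialised with, so the new secret must decrypt to that same passphrase or the next run will fail to open the repo; `doInit = true` does not help, since it only initialises a repository that does not exist yet. The same applies to `plover/borg/repos/services/password` in the next hunk, as both jobs previously went through `jobCommonSettings` with the single `plover/borg/password`. The diff cannot show whether the values match — sops re-encrypts on every save, so the changed ciphertext in secrets.yaml says nothing either way — so it is worth confirming each repo still opens with its new secret (for example `borg info` on each repo) before the old secret is dropped, and re-keying with `borg key change-passphrase` first if a fresh passphrase is intended. Giving each repo its own secret is otherwise a good change, as a leaked passphrase no longer covers both repos. The `host-backup` attribute starts inside the hunk, but the enclosing `services.borgbackup.jobs` block starts and ends outside it.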
@@ -16,9 +16,13 @@ gitea:
 vaultwarden:
 env: ENC[AES256_GCM,data:9RebpDWaKhPHpUzWDOuOYSDDtJ/pAvL30ipZuZz5OxUsUKoepHHLeBhjQzxyvwIDd2lT1Jx3UdLVSoKmh2qxGboFdBt9XF+grEzsQoP18wiSopiPjlAyaRgZ2f/6d46G+NYy13J4+N6zbPSHS3W76vpa6Vy8Fn7MWy3bXVoE4m9vORagPT/OZO+tcbJGjjVWUbz6JwNv0o+VvVPAHtXB9esnkqYMK1LvvDKLoT6eBtbu0MUmcnQ=,iv:UxbyYnNJPV+tznBBf3wFsu5eNayuJHuMfn6QfFi52ss=,tag:FMIhzv6UrR6rkqlOZ56oVg==,type:str]
 borg:
- password: ENC[AES256_GCM,data:yvAtGsdJDYFRSUoq09iBh+snFWsJMrED++H3O/U=,iv:5N/OsIIEQr/c2ge23QznSPD88Jsccf8EdzlpG0c6zRs=,tag:896/9Z3LK1VFM4100ga8Qw==,type:str]
- patterns:
- keys: ENC[AES256_GCM,data:rv1I75M+3Y4vR65aloXyPgD594n2U9zcOFg4853yeA/+jUpDUC+Is9SaKVo1AB90LgnPl5yhGNzQbM5q9INaq9SL,iv:xj/owX79CeWV2ztQ0DP5bQRBwLPZiCpHB/JAK5tCfH8=,tag:sgkrWI/PtxZjw70lQfD8Jg==,type:str]
+ repos:
+ host:
+ password: ENC[AES256_GCM,data:EEHtGBASOY1t1hGmtNZ7/Edc01v4yNZgpcycT04=,iv:pgQ43gqx9iYk+SfGkPQfknTixn0MLkeTJzhUhOzjw6A=,tag:ihuKeJnY/L5iBfx/pvBRYw==,type:str]
+ patterns:
+ keys: ENC[AES256_GCM,data:u+oNQAUoPVIZHAtjNhjg+P/n2XGLpFZGPKxgxwbkaCGXvTg5femyjPTghFKypeANfK13AuPu7RjjG68S/5+HfiB3,iv:zlicZvzURkhY2XIYLO1QFavV4gikZWRyL5BXZ7Oax7E=,tag:QWhMGYgUKkoocAFJW0GICQ==,type:str]
+ services:
+ password: ENC[AES256_GCM,data:FDzK9Iv1iAhbRoSOiW1c0G5lW39BcivDAp0QzaW/XT2y,iv:VD/coWjhdsYAi8R03AqSH2kcqHHdqiXuxGINuWAwVek=,tag:mBLwdJGdOEEHO82rsvCYiw==,type:str]
 ssh-key: ENC[AES256_GCM,data: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,iv:R9Se6PNqKZ61NQxY2J7p9W+Ougnaycl70Q24WCe4qG4=,tag:rEdbBnSs+Ix4p/W9Rpi0WA==,type:str]
 keycloak:
 db:
@@ -38,8 +42,8 @@ sops:
 ZCtNbnFqdzNkVlBtNjVCdE4yNHMrRjQKfFV4GaReO0UO81xsTB0EuN5ibVsafXJY
 miBgZAZWbJjSBcM4X+Fym/DlxHRoB1a6iFEFN9yg+Z9WI8PfjKnbsA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-01-06T15:49:16Z"
- mac: ENC[AES256_GCM,data:2hp92GQOeixM7F3sl5MjaJ676S5ah0a6aaHf3QXJc/ibSvvfmJunoAJiHZmjFYZ56x36jb5NWYJjMIMUhUoqcbEpTYvNkY9T5N6Qs0DAAbIASm3RG9KGdsjBQYFpU7Y5f4i3GOG76Dg1kex1JeFms25mIalcxA8ZAkbjnI0ifeo=,iv:6m6nDZBkgcK3l8Ezy4/mB4+3tWFueWNVNNBXenZ1ExI=,tag:c2klGi+T+9qV3VZ3FH2taQ==,type:str]
+ lastmodified: "2023-01-07T09:17:12Z"
+ mac: ENC[AES256_GCM,data:YPV7nJeLwMzuR/xRzDCgBKICfahOw+P2pF9LQJ/1pQHVor+tPFHdDxe79rmqvrwred+LW/YLECwuxAGMnxds5GIQ1SFB8jwTYwV7pR2Pum7mHmJNP+5Z3x/hYso2UHMRpi4INyrnw5jbsGI05yEyjM41ySctrD1cploLLgr5hEk=,iv:WJ/8lDu+0w40fLDsUmFD2TITnCNRJpulHvSzOo3veh4=,tag:NvWGBDtNM6S8/htWzeeAAQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.7.3