diff --git a/requirements.yml b/requirements.yml
index d5ebdfc..e5538cc 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -3,3 +3,6 @@ collections:
   - name: debops.debops
     version: ">=3.1.0"
     source: https://galaxy.ansible.com
+  - name: community.sops
+    version: ">=2.2.4"
+    source: https://galaxy.ansible.com
diff --git a/roles/ansible_pull/tasks/main.yaml b/roles/ansible_pull/tasks/main.yaml
index eff8cb0..e77bfc4 100644
--- a/roles/ansible_pull/tasks/main.yaml
+++ b/roles/ansible_pull/tasks/main.yaml
@@ -1,8 +1,14 @@
 - name: ensure dependencies are installed
-  ansible.builtin.apt:
-    name: virtualenv
-    state: present
-  become: true
+  block:
+    - name: ensure apt dependencies are installed
+      ansible.builtin.apt:
+        name: virtualenv
+        state: present
+      become: true
+
+    - name: ensure SOPS is installed
+      ansible.builtin.include_role:
+        name: community.sops.install
 
 # https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip
 # https://www.redhat.com/en/blog/python-venv-ansible