diff --git a/.sops.yaml b/.sops.yaml
index 03121b3..1fe1a0c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,9 +1,7 @@
 keys:
- - &ccchh_pass "age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92"
 - &user_lilly "age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d"
 creation_rules:
 - path_regex: secrets/passwords.yaml
 key_groups:
 - age:
- - *ccchh_pass
 - *user_lilly
diff --git a/README.md b/README.md
index db00a4d..e059629 100644
--- a/README.md
+++ b/README.md
@@ -24,23 +24,11 @@ Please also keep our [Service & Responsibility Page](https://eh22.easterhegg.eu/
 This repository contains a sops configuration that is used for password encryption as well as secret management for our nix machines.
-### Using CCCHH Password-Store Key
-
-For convenience, a sops key has been added to the [CCCHH Password-Store](https://git.hamburg.ccc.de/CCCHH/password-store) which is able to encrypt all secrets of this repository.
-Sops can be told to use it like this:
-
-```bash
-export SOPS_AGE_KEY=$(pass noc/events/eh22/nox-sops-key)
-```
-
-If you don't have access to that, ask someone (@lilly for example) to authorize your personal key.
-
 ### Passwords
 All relevant passwords should be stored in `secrets/passwords.yaml` which is a plain yaml document with no strict schema but which is sops encrypted. It should contain all relevant passwords, a NOC admin needs.
-
 #### Accessing Passwords
 ```bash
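Review bot: Dropping the `ccchh_pass` recipient from `keys` and the `creation_rules` age group does not by itself revoke that key's access to the current secrets, because `sops updatekeys` only re-wraps the existing data key for the remaining recipients; the secrets/passwords.yaml hunk shows exactly this, with `lastmodified` and `mac` unchanged as context lines and only the `enc` wrap for `user_lilly` replaced. The data key that the removed recipient could unwrap from the pre-change `enc` block (still present in git history) is therefore still the one protecting the file. Rotate the data key after removing a recipient, e.g. `sops rotate -i secrets/passwords.yaml` (older releases: `sops -r -i secrets/passwords.yaml`), and commit the re-encrypted file; if custody of the removed key is in doubt, rotate the stored passwords themselves as well. This change also leaves `user_lilly` as the only recipient, so loss of that single key makes the file unrecoverable — consider keeping a second, separately held recovery recipient in the rule.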
@@ -60,12 +48,10 @@ I (Lilly) personally prefer age since it skips all the openpgp cli weirdness and
 Adding a new age key works like this:
-1. Run `age-keygen -o ~/.config/sops/age/keys.txt` and copy the public key from the generated file.
-2. Edit [.sops.yaml](./.sops.yaml) and enter the new key (preferably as a yaml anchor) under `keys` as well as the `creation_rule` for the passwords file.
+1. `vim .sops.yaml` and enter the new key (preferably as a yaml anchor) under `keys` as well as the `creation_rule` for the passwords file. Look at the existing file content and you'll figure it out.
+2. `sops updatekeys secrets/passwords.yaml` to reencrypt the password file with the newly added key.
 3. Commit and push changes.
-4. Ask someone with existing access to run `sops updatekeys secrets/passwords.yaml` to reencrypt the password file with the newly added key.
- They should, of course, also commit and push the changes.
 ### Machine-Secrets
diff --git a/secrets/passwords.yaml b/secrets/passwords.yaml
index bcd90ab..8806649 100644
--- a/secrets/passwords.yaml
+++ b/secrets/passwords.yaml
@@ -18,23 +18,14 @@ sops:
 azure_kv: []
 hc_vault: []
 age:
- - recipient: age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNlR6c1djamw2ZmpYb3pE
- TDZBSlI1emJRWlZGRmJJbElXRlp4V0lUVWhzCm9EeWxqKy8xaVpNUXRIcUNNZGRj
- R2dzN3IwZEJ4ajRMUmZnY2hwVWRNNlkKLS0tIE9TcE1NWUdaQ2x0My9QNDYwQjZO
- K2pYWmV3WjkyRmdPYlRqakRndlJ4V0UKERTgFxUlywU3zZZ1VFeBjPrMG1kbWM9u
- yz37P+dEj5c7djQFymyQInaAN9HgxoKZg+ouqaaUHIpp/pCGThFo3Q==
- -----END AGE ENCRYPTED FILE-----
 - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
 enc: |
 -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3bU1Gd09tQ1FHYlJ2WWRZ
- Ni9RdVhMaUI0bEEyd0pZaWNqQVlOZGRUMGtRClFRV0todlpDYmkxVjE3OFRZa3VQ
- aXpLUGhlNFFGcjJHTzRlNk5qSEttSG8KLS0tIGJ5cFNhREw1KzZ5bjlBUFlLSzRs
- YW1BSERaOURtVGpMSnRiTkJyaDR3OTQK3pXGQU1SoUKdmLKUe88e8/BjqPjmdhke
- bP7DHbpvk4xG2Z3fnacihDCwiBASn2Wu350hl1WoM5pzMiqmS84X9Q==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6dkVFRnd5MjQ1S3Q3aTlq
+ UWJZZC9mUGZFQXpyczBFQWpVcUlJQXZjY0NzCnhQd3Q3QUhjbDZvdlMzeTRtQWtt
+ SCsyUVhvRFBzL01XaWduK2YvNkhrZzAKLS0tIDFzeHFrb2dZU3JmMmgzZVVHN3VR
+ Q0ZGUFBmUWpUYjR5OUwxOUplblZ0SmcKtMl1KoYwPb776zz8FfFnf0s7XlnOLnuU
+ nXkPxRaDel/3EsLnfhcONRAKTGdleRHAXQVIGHrs/jjnZ2OJgXIzYA==
 -----END AGE ENCRYPTED FILE-----
 lastmodified: "2025-02-21T18:34:34Z"
 mac: ENC[AES256_GCM,data:yeMXclT2ZdxHy2CqWQkXVay4EHHq2o8dXF2yXa7q1FKyteRzf0Gve/IQVxH3VXYsGQf3lSdL5EAe3BXmNesWnA5QfTELt2hzgd5nQ6+NTzLDXmi/AW3L4BhzpOoK7UIJ+mG42N4mkYlBe1dUyDBikxevWB3AAzGl7mAF/2io4TQ=,iv:d4g5dWUhFBauR8+4aPGU1hYkhyGsmdGBjgwBMs0HbtA=,tag:oOYKKCwOw/gjqeB/SCdkuQ==,type:str]