diff --git a/README.md b/README.md index cb8679e..3c70799 100644 --- a/README.md +++ b/README.md @@ -9,17 +9,15 @@ This is the repository for the NixOS configurations of the Katzen Café (Katzen - [x] Keycloak - [x] Penpot - [x] Forgejo -- [ ] Vault - [x] Jitsi - [x] Mumble -- [ ] Nextcloud +- [x] Nextcloud - [ ] Karton - [ ] A plain ol' website -- [ ] Mail sender +- [x] Mail sender - [ ] Vaultwarden - [x] Calckey -- [ ] Some matrix server -- [x] minecraft +- [x] Some matrix server conduit - [ ] Wiki for service and administration doc - [ ] Some external monitoring diff --git a/flake.nix b/flake.nix index 7ba4625..f84c77b 100644 --- a/flake.nix +++ b/flake.nix @@ -17,8 +17,7 @@ hostPkgs = import nixpkgs { system = "x86_64-linux"; }; in { devShell."x86_64-linux" = with hostPkgs; mkShell { - buildInputs = [ colmena vault ]; - VAULT_ADDR = "https://hc-vault.katzen.cafe"; + buildInputs = [ colmena pass ]; }; colmena = { meta = { @@ -57,7 +56,6 @@ ./modules/mumble.nix ./modules/modded-mc.nix #./modules/prosody.nix - ./modules/vault.nix ./modules/monitoring.nix ./modules/mailserver.nix ]; diff --git a/modules/containers/katzencafe-wiki.nix b/modules/containers/katzencafe-wiki.nix index d691be7..8daac7a 100644 --- a/modules/containers/katzencafe-wiki.nix +++ b/modules/containers/katzencafe-wiki.nix @@ -86,12 +86,12 @@ # NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work. # i should figure out why to make this work when setting up new instances... "katzenwikiPwFile" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-passwordFile" ]; + keyCommand = [ "pass" "wikis/katzenwiki/password" ]; destDir = "/katzenwiki"; name = "passwordFile"; }; "katzenwikiKeycloakClientSecret" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-keycloak-secret" ]; + keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ]; destDir = "/katzenwiki"; name = "keycloakClientSecret"; permissions = "0604"; 
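Review bot: The devShell in flake.nix now ships `pass`, but nothing records which password store the `keyCommand` entries resolve against, whereas the removed `VAULT_ADDR` line pinned the backend explicitly. Each `pass <path>` call in the modules runs on the deploying machine and reads that operator's default store, so a missing or differently named entry would presumably only surface when a deploy fails. I would add a comment next to `buildInputs`, e.g. `# pass: deployment.keys keyCommands read from the operator's password store; entry paths must match the modules`. If the store is meant to be a shared one, consider also setting `PASSWORD_STORE_DIR` in the shell.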
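Review bot: `permissions = "0604"` on `katzenwikiKeycloakClientSecret` still leaves the deployed client secret readable by every local user on the target, and moving the source to `pass` does not change that. The NOTE above the block suggests read access was widened so MediaWiki could read its key files; colmena's per-key `user`/`group` options cover that without the world-read bit, e.g. `user = "<service-user>"; permissions = "0400";` (the account name is not visible in this hunk). The same mode sits on `nextcloud-admin-pass` in modules/containers/nextcloud.nix, `keycloakClientSecret` in modules/containers/phtanumb-wiki.nix and `noreply-mail-pw-plain` in modules/forgejo.nix. The enclosing attribute set starts and ends outside the hunk.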
diff --git a/modules/containers/nextcloud.nix b/modules/containers/nextcloud.nix index d1a425f..2e5cf08 100644 --- a/modules/containers/nextcloud.nix +++ b/modules/containers/nextcloud.nix @@ -56,7 +56,7 @@ }; deployment.keys = { "nextcloud-admin-pass" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/nextcloud-admin-pass" ]; + keyCommand = [ "pass" "nextcloud/admin-password" ]; destDir = "/nextcloud/secret"; permissions = "0604"; }; diff --git a/modules/containers/penpot.nix b/modules/containers/penpot.nix index b79136e..7422c04 100644 --- a/modules/containers/penpot.nix +++ b/modules/containers/penpot.nix @@ -84,7 +84,7 @@ }; deployment.keys = { "penpot-secrets" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/penpot-secrets" ]; + keyCommand = [ "pass" "penpot/envfile" ]; destDir = "/var/lib/secrets"; }; }; diff --git a/modules/containers/phtanumb-wiki.nix b/modules/containers/phtanumb-wiki.nix index 5421df6..1045599 100644 --- a/modules/containers/phtanumb-wiki.nix +++ b/modules/containers/phtanumb-wiki.nix @@ -109,11 +109,11 @@ }; deployment.keys = { "passwordFile" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/phtanumb-wiki-passwordFile" ]; + keyCommand = [ "pass" "wikis/phtanumb/password" ]; destDir = "/phtanum-b/wiki"; }; "keycloakClientSecret" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/phtanumb-wiki-keycloak-secret" ]; + keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ]; destDir = "/phtanum-b/wiki"; permissions = "0604"; }; diff --git a/modules/forgejo.nix b/modules/forgejo.nix index ab7e63f..2084542 100644 --- a/modules/forgejo.nix +++ b/modules/forgejo.nix @@ -42,7 +42,7 @@ }; deployment.keys = { "noreply-mail-pw-plain" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-pw-plain" ]; + keyCommand = [ "pass" "mailpws/plain/noreply" ]; destDir = "/var/lib/secrets"; permissions = "0604"; }; diff --git a/modules/keycloak.nix b/modules/keycloak.nix index 45497e1..8fd82e4 100644 --- a/modules/keycloak.nix +++ b/modules/keycloak.nix 
@@ -29,7 +29,7 @@ }; }; deployment.keys."keycloakDbPw" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/keycloak-db" ]; + keyCommand = [ "pass" "keycloak/db-pass" ]; destDir = "/var/lib/secrets"; }; } diff --git a/modules/mailserver.nix b/modules/mailserver.nix index b1aff48..0500e51 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix @@ -19,11 +19,11 @@ }; deployment.keys = { "admin-mail-pw" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/admin-mail-pw" ]; + keyCommand = [ "pass" "mailpws/hashes/admin" ]; destDir = "/var/lib/secrets"; }; "noreply-mail-pw" = { - keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-pw" ]; + keyCommand = [ "pass" "mailpws/hashes/noreply" ]; destDir = "/var/lib/secrets"; }; }; diff --git a/modules/proxy.nix b/modules/proxy.nix index acebee0..b2fa152 100644 --- a/modules/proxy.nix +++ b/modules/proxy.nix @@ -177,13 +177,6 @@ add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; ''; }; - "hc-vault.katzen.cafe" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8200"; - }; - }; }; }; }
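Review bot: `pass keycloak/db-pass` prints the whole store entry rather than only its first line, so any extra lines kept in the entry (username, URL, notes) would be written into the deployed `keycloakDbPw` file. A short comment above the `keyCommand` would make the constraint explicit, e.g. `# pass entry must hold only the password; the full entry is deployed verbatim`. The same applies to the other single-value entries switched in this commit (mailserver, forgejo, nextcloud and the two wikis); `penpot/envfile` is presumably meant to be multi-line.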