diff --git a/scripts/remote-install-encrypt.sh b/scripts/remote-install-encrypt.sh
index 277f519..f0553c2 100755
--- a/scripts/remote-install-encrypt.sh
+++ b/scripts/remote-install-encrypt.sh
@@ -25,6 +25,9 @@ fi
 hostname=$1
 ipaddress=$2
 
+dbpath="./machines/secrets/keys/itag.kdbx"
+read -sp "Enter password for keepassxc: " pw
+
 # Create a temporary directory
 temp=$(mktemp -d)
 
@@ -39,12 +42,13 @@ trap cleanup EXIT
 install -d -m755 "$temp/etc/ssh/"
 install -d -m755 "$temp/root/"
 
-diskKey=$(sops -d machines/$hostname/disk.key)
+diskKey=$(echo "$pw" | keepassxc-cli show -a Password $dbpath hosts/$hostname/encryption)
 echo "$diskKey" > /tmp/secret.key
 echo "$diskKey" > $temp/root/secret.key
 
-ssh-keygen -f $temp/etc/ssh/"$hostname" -t ed25519 -N ""
-ssh-keygen -f $temp/etc/ssh/initrd -t ed25519 -N ""
+echo "$pw" | keepassxc-cli attachment-export $dbpath hosts/$hostname/sshkey private "$temp/etc/ssh/$hostname"
+
+echo "$pw" | keepassxc-cli attachment-export $dbpath hosts/$hostname/sshkey-init private "$temp/etc/ssh/initrd"
 
 # # Set the correct permissions so sshd will accept the key
 chmod 600 "$temp/etc/ssh/$hostname"
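Review bot: The added `read -sp` lacks `-r`, so a master password containing a backslash is altered before it reaches keepassxc-cli, and the default IFS trims leading or trailing spaces. `IFS= read -rsp "Enter password for keepassxc: " pw; echo` reads the password verbatim and ends the silent prompt line. `-s` is a bash extension and the shebang is outside the hunk, so confirm the script runs under bash. `dbpath` is relative to the current directory, so the database is only found when the script is started from the repository root; a comment saying so would help.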
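Review bot: Nothing checks that `keepassxc-cli show` succeeded on the `diskKey=` line, so a wrong password or a missing entry can leave `diskKey` empty and the next two lines then write an empty key file, unless `set -e` is enabled above the hunk, which is not visible here. Appending `|| exit 1` to the assignment and adding `[ -n "$diskKey" ] || exit 1` would stop the install before an empty key is used; the two `attachment-export` lines need the same `|| exit 1`. `$dbpath` and the `hosts/$hostname/...` entry paths are unquoted on all three added lines, and `echo "$pw"` misprints a password that looks like an echo option; `printf '%s\n' "$pw" | keepassxc-cli show -a Password "$dbpath" "hosts/$hostname/encryption"` avoids both. The unchanged `echo "$diskKey" > /tmp/secret.key` still places the disk key at a fixed path in /tmp under the default umask, and whether the cleanup trap removes it cannot be seen from this hunk.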