diff --git a/systems/jeeves-jr/services.nix b/systems/jeeves-jr/services.nix
index 9fc783d..ab03607 100644
--- a/systems/jeeves-jr/services.nix
+++ b/systems/jeeves-jr/services.nix
@@ -1,4 +1,4 @@
-{ inputs, ... }:
+{ config, inputs, ... }:
 {
   systemd = {
     services.startup_validation = {
@@ -6,7 +6,7 @@
       description = "validates startup";
       serviceConfig = {
         Type = "oneshot";
-        Environment = "WEBHOOK_URL=test";
+        Environment = config.sops.secrets."server-validation/webhook".path;
         ExecStart = "${inputs.server_tools.packages.x86_64-linux.default}/bin/validate_jeevesjr";
       };
     };
@@ -18,4 +18,8 @@
       };
     };
   };
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets."server-validation/webhook".owner = "root";
+  };
 }
diff --git a/systems/jeeves/services.nix b/systems/jeeves/services.nix
index db28b1a..26e7aeb 100644
--- a/systems/jeeves/services.nix
+++ b/systems/jeeves/services.nix
@@ -1,4 +1,9 @@
-{ inputs, pkgs, ... }:
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
 {
   systemd = {
     services = {
@@ -6,7 +11,6 @@
         description = "maintains /zfs/storage/plex permissions";
         serviceConfig = {
           Type = "oneshot";
-          Environment = "WEBHOOK_URL=test";
           ExecStart = "${pkgs.bash}/bin/bash ${./scripts/plex_permission.sh}";
         };
       };
@@ -14,6 +18,7 @@
         wantedBy = [ "multi-user.target" ];
         description = "validates startup";
         serviceConfig = {
+          Environment = config.sops.secrets."server-validation/webhook".path;
           Type = "oneshot";
           ExecStart = "${inputs.server_tools.packages.x86_64-linux.default}/bin/validate_jeeves";
         };
@@ -37,4 +42,8 @@
       };
     };
   };
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets."server-validation/webhook".owner = "root";
+  };
 }
diff --git a/systems/palatine-hill/services.nix b/systems/palatine-hill/services.nix
index a202723..42b87a6 100644
--- a/systems/palatine-hill/services.nix
+++ b/systems/palatine-hill/services.nix
@@ -1,4 +1,4 @@
-{ inputs, ... }:
+{ config, inputs, ... }:
 {
   systemd = {
     services.startup_validation = {
@@ -6,7 +6,7 @@
       description = "validates startup";
       serviceConfig = {
         Type = "oneshot";
-        Environment = "WEBHOOK_URL=test";
+        Environment = config.sops.secrets."server-validation/webhook".path;
         ExecStart = "${inputs.server_tools.packages.x86_64-linux.default}/bin/validate_palatine_hill";
       };
     };
@@ -18,4 +18,8 @@
       };
     };
   };
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets."server-validation/webhook".owner = "root";
+  };
 }