diff --git a/hosts/common/configs/system/ssh/default.nix b/hosts/common/configs/system/ssh/default.nix
index 04dd3ff..cc3ac4c 100644
--- a/hosts/common/configs/system/ssh/default.nix
+++ b/hosts/common/configs/system/ssh/default.nix
@@ -1,6 +1,8 @@
 { ... }:
 {
 programs.ssh = {
+ startAgent = true;
+
 knownHosts = {
 installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub;
 eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
diff --git a/hosts/elara/default.nix b/hosts/elara/default.nix
index b504c8c..14130b0 100644
--- a/hosts/elara/default.nix
+++ b/hosts/elara/default.nix
@@ -53,7 +53,30 @@
 networking.hostName = "elara";
 i18n.defaultLocale = "en_US.UTF-8";
- sops.defaultSopsFile = ./secrets/secrets.yaml;
+
+ sops = {
+ defaultSopsFile = ./secrets/secrets.yaml;
+
+ # Required for building private SAS packages
+ secrets."ssh/sas/git/key" = {
+ sopsFile = ../../secrets/sas/secrets.yaml;
+ path = "/root/.ssh/ssh_git_sas_ed25519_key";
+ };
+ };
+
+ programs.ssh.extraConfig = ''
+ Host github.com
+ User git
+ HostName github.com
+ IdentityFile /root/.ssh/ssh_git_sas_ed25519_key
+ StrictHostKeyChecking no
+
+ Host gitlab.sas.com
+ User git
+ HostName gitlab.sas.com
+ IdentityFile /root/.ssh/ssh_git_sas_ed25519_key
+ StrictHostKeyChecking no
+ '';
 environment.impermanence.device = config.disko.devices.disk.usb.content.partitions.root.content.name;
diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix
index 08349a1..29617ea 100644
--- a/hosts/elara/users/nikara/default.nix
+++ b/hosts/elara/users/nikara/default.nix
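Review bot: In hosts/common/configs/system/ssh/default.nix, `startAgent = true;` is added to the common module with no `agentTimeout` next to it, so on every host that imports this module a key added to the agent stays loaded until the session ends. If the agent is only wanted on workstations, set it per host; otherwise bound the lifetime with something like `agentTimeout = "1h";` directly below it. The `programs.ssh` block continues outside the hunk.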
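Review bot: In hosts/elara/default.nix, both `Host` stanzas of `programs.ssh.extraConfig` set `StrictHostKeyChecking no`, so the connections that present the SAS deploy key and fetch code for the system build accept whatever host key the peer offers. The common ssh module already pins hosts through `programs.ssh.knownHosts`; pinning github.com and gitlab.sas.com the same way, as sketched below with placeholder key values, lets both `StrictHostKeyChecking no` lines be deleted. `extraConfig` is written to the system-wide ssh client configuration, so these stanzas apply to every user on elara and not only to root's builds. Adding `IdentitiesOnly yes` to each stanza would also keep agent-held keys from being offered ahead of the deploy key.

```nix
# Placeholder key material: replace with the host keys each service publishes.
programs.ssh.knownHosts = {
  "github.com".publicKey = "ssh-ed25519 <GITHUB_HOST_KEY_PLACEHOLDER>";
  "gitlab.sas.com".publicKey = "ssh-ed25519 <GITLAB_SAS_HOST_KEY_PLACEHOLDER>";
};
# … unchanged: programs.ssh.extraConfig stanzas, minus the StrictHostKeyChecking lines …
```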
@@ -65,6 +65,10 @@ in
 (import ../../../common/configs/user/gui/wev { inherit user home; })
 (import ../../../common/configs/user/gui/x11 { inherit user home; })
 (import ../../../common/configs/user/gui/xdg { inherit user home; })
+
+ # Warning: the following imports use private SAS repositories.
+ # You must build the system once with these imports commented out,
+ # then uncomment them and rebuild the system once keys are provisioned.
 ];
 # echo "password" | mkpasswd -s
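Review bot: The added warning refers to "the following imports", but in this hunk the list closes with `];` immediately after the comment, so a reader has nothing to comment out or uncomment. If the private imports are added locally, the comment should say so and name what must be provisioned first, for example `# Requires the sops secret "ssh/sas/git/key" to be decrypted to /root/.ssh before the first build with these imports.` The imports list begins outside the hunk.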