diff --git a/docs/hosts.org b/docs/hosts.org index fb04691..1e18faf 100644 --- a/docs/hosts.org +++ b/docs/hosts.org @@ -1,4 +1,18 @@ #+title: Hosts +* Setting up a new vult host +** Generate a password for your host +#+begin_src bash +pass generate samfelag/ +#+end_src +** Change the password in the host +Enter into the host via the vultr dashboard "View Console" +#+begin_src bash +passwd +#+end_src +** You can now ssh into the host with the new password +#+begin_src bash +ssh nixos@ +#+end_src * Setting up a new host ** Generate a host ssh key pair Generate the key pair (we'll use the name `id_`) diff --git a/secrets/consul.d/agent-token-reykjavik.json.age b/secrets/consul.d/agent-token-reykjavik.json.age index c99c78b..bd3438b 100644 Binary files a/secrets/consul.d/agent-token-reykjavik.json.age and b/secrets/consul.d/agent-token-reykjavik.json.age differ diff --git a/secrets/consul.d/agent-token-thingvellir.json.age b/secrets/consul.d/agent-token-thingvellir.json.age index f93970f..aa3d55c 100644 --- a/secrets/consul.d/agent-token-thingvellir.json.age +++ b/secrets/consul.d/agent-token-thingvellir.json.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 GWuf0Q 8KY3le+D4r6SJVPdkjL3P4fLA7rS00F+LkRieMGcrA0 -0ffzmUzTFEPiYmLG02Y0XweXTvFjEt6lao8ySE73Eoo --> ssh-ed25519 kNjiNQ 0Hg11FGDMDrus/MA9UMRA8jt3aoJYbQMJ8vM4PrYtyY -H9ZURqsrkmviJMpsbiKDUk8r+NWlAsrQ0OpO5U7U0dg ---- jQa7EUd7cX7AexX3FCJaOb4xVZ9/TP7WXakcgVKH5PM -CO `PgheEhyאꁋFfǥ@AUGLʳ:;{ ssh-ed25519 GWuf0Q z5DKW5ikWJPBjNjrgoUuJF8be9f9naDOxZ74sOpf5FY +kiV2yRp+BVwTInS1EMkzhGyfGGEdHcB9DGlbzTA9lpQ +-> ssh-ed25519 kNjiNQ YLZNTRHp6sj3v0wu7WMitqBykTcqaGYcfZbJkF0ougM +dI8B6KF6bvSONOo/dTOq6jyYIn6Rj1AMABUeOU2hWUQ +--- V+29XmjyMdtKIFBz9VW/D/A9sM6HPLYe1HZf458md64 +'w"2sIIꩧgȦM&;XjS{ ŒHxlykcrܟkdZ\|Yރ"S,wQk@KnT83G^238,dJNgf dӯLD]BfvTOln-ZmMn<7qw \ No newline at end of file 
diff --git a/secrets/consul.d/consul-agent-ca-key.pem.age b/secrets/consul.d/consul-agent-ca-key.pem.age index e44dae8..d72f03b 100644 Binary files a/secrets/consul.d/consul-agent-ca-key.pem.age and b/secrets/consul.d/consul-agent-ca-key.pem.age differ diff --git a/secrets/consul.d/consul-agent-ca.pem.age b/secrets/consul.d/consul-agent-ca.pem.age index e0a9c40..1c6912a 100644 Binary files a/secrets/consul.d/consul-agent-ca.pem.age and b/secrets/consul.d/consul-agent-ca.pem.age differ diff --git a/secrets/consul.d/gossip.json.age b/secrets/consul.d/gossip.json.age index 1983204..b7f0ecd 100644 --- a/secrets/consul.d/gossip.json.age +++ b/secrets/consul.d/gossip.json.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 GWuf0Q V6HZPuKmDsfaVVnJveBuLwLCndktAB7xudXvB9niGRg -hEKkg2Ltbt3Ie1Ci6VabOSjp/pZeandKlZl67kqZd9A --> ssh-ed25519 zhVGHw BwZzAbAXSX/frkhi5wFJzDaEWXOQaqNfdEC4EIZwBX0 -cbysAZi82rbqH2T+cipPPNgsnHn2aU/tQYMlmt8zpPE --> ssh-ed25519 kNjiNQ ijvaL5MqfKqzD5X9uOAx78PfsUNSJkQ+nhC/EGyG03Y -uq2HskFBaNjTiNeipz4H9eoHJ4KDz614DSMfW3rz9Yk ---- FWfT5xb1cTntOfVIjzbw1ZD6nFRfKunQL0k/0/xx+dQ -hqsam`vBxeZp}'d2$rϻ0qKE5Nʮ9R&(tuxX4ݏqgČzvkXn9B \ No newline at end of file +-> ssh-ed25519 GWuf0Q HU052z43DHXbPh4m0Cn8YWEabVMdT9Ab9ZvnRTkiGiM +jsGBcbgj1JeYBdvnRqKT310VnWqZmRYIE+LbkPVmDxs +-> ssh-ed25519 zhVGHw 1oy7y5z6KQy+JYRIPyqfeCgJUbGWdo77NiGnVRA0QRk +qNrRnats5cFFv8K3YUtUXdSwhWkgcBGTeDlhWTkrNRM +-> ssh-ed25519 kNjiNQ IWfsJxXu1Kg6Z5p1qNBopU0RkYt7/s6jw/DJDQXpTHc +ouzaIxV7Y+pE8t/8s4Vk/AO/MccUpgHGhn1cq6C+E08 +--- LL3bXyeMTogvYXqjhwL75j64P9bNIFG2pwFanjOYm2o +)>F=!vE`e*mOgJ+CT +w+tΫp[^8kRY_= 8xg! \ No newline at end of file diff --git a/secrets/consul.d/samfelag-server-thingvellir-key.pem.age b/secrets/consul.d/samfelag-server-thingvellir-key.pem.age index 3cd812f..cb10845 100644 Binary files a/secrets/consul.d/samfelag-server-thingvellir-key.pem.age and b/secrets/consul.d/samfelag-server-thingvellir-key.pem.age differ 
diff --git a/secrets/consul.d/samfelag-server-thingvellir.pem.age b/secrets/consul.d/samfelag-server-thingvellir.pem.age index ec77a94..d517710 100644 Binary files a/secrets/consul.d/samfelag-server-thingvellir.pem.age and b/secrets/consul.d/samfelag-server-thingvellir.pem.age differ diff --git a/secrets/nomad.d/consul-token-client.json.age b/secrets/nomad.d/consul-token-client.json.age index d6a24b6..8795ea4 100644 Binary files a/secrets/nomad.d/consul-token-client.json.age and b/secrets/nomad.d/consul-token-client.json.age differ diff --git a/secrets/nomad.d/consul-token-server.json.age b/secrets/nomad.d/consul-token-server.json.age index 0bdb95a..08a7bbf 100644 --- a/secrets/nomad.d/consul-token-server.json.age +++ b/secrets/nomad.d/consul-token-server.json.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 GWuf0Q 4t1WD76CN3hhc3073abxAsobKWKDX+yemaIxHy8PiDk -9O2cAi7MJVqGiTNnOIez4MACEYMB3/YyLSz4Z4YWe2c --> ssh-ed25519 kNjiNQ WaXpqZbqRuLo9q241VclrLfHOQ94VRB8D0RY2es8KBM -P6iayA+emjHOEg59EzXU32RCRKZaGS0j7d3wk4Is6tQ ---- QsnjyrQe2d1K59Q/i3/NIXaK87rsDf4neQS5sKJ6yeY -&8"ڨ?4 ? -$!Yju*8cDC!" |hV9N>lvDH1V2 XCA'!-kрBˡ \ No newline at end of file +-> ssh-ed25519 GWuf0Q GSvUmcsNXSkoVOD8V/UP+KAGfKX4REahFDmwlROkoSw +ruTijdplgtQZP3wjnNGemh3a0omKK95xsfXzkWce0lM +-> ssh-ed25519 kNjiNQ zT/ticPDHAujEWqSUrPaGsgPBdbaLvLQ/RSMz5C0aW8 +JTy+b/N6yjfPtrhYXkFWb26PGa+b/M1DVKeGsW2oimg +--- TKdmCeaBKPBBIkKvUqqqQz9DQigRuLRT2ZFto7Jtqr0 +W3Lj䯕'HgRs;wۑցt{E"v17%&({˝E.3SzNcVҷlˆfWu5d2  \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3d65e62..fe0de82 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -2,12 +2,14 @@ let
 id-reykjavik = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwwpKfxNmUyBoPZqz1jYc6arCdHPvJrEsBN49m/P3By";
 id-hvannadal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICy1ocZywBvFHpIj+FvaC7QspRWuLXjy6fwakq9t+0Ev";
 id-thingvellir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7";
+ id-quinto = " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxgIT2+aoP+ZLMPupV8M0UwCLX6A3s+H6z3BJPCjJc0";
 # --- Host lists ---
 # Since we want to be able to manage/edit all secrets from reykjavik, we create helper lists that
 # always contain reykjavik
 reykjavik = [id-reykjavik];
 thingvellir = [id-reykjavik id-thingvellir];
+ quinto = [id-reykjavik id-quinto];
 samfelag-hosts = [
 id-reykjavik
diff --git a/secrets/ssh-keys/deploy_keys.sh b/secrets/ssh-keys/deploy_keys.sh
new file mode 100755
index 0000000..f9fa3e0
--- /dev/null
+++ b/secrets/ssh-keys/deploy_keys.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -e
+
+read -p "Hostname: " HOSTNAME
+read -p "IP (leave empty tu use hostname): " HOSTIP
+if [ -z "${HOSTIP}" ]; then
+ HOSTIP=$HOSTNAME
+ echo "Using $HOSTIP"
+fi
+read -p "Username: " USERNAME
+
+PRIVATE_KEY="id_$HOSTNAME"
+PUBLIC_KEY="id_$HOSTNAME.pub"
+
+echo "Deploying private key ($PRIVATE_KEY) to ($USERNAME@$HOSTIP) ..."
+scp $PRIVATE_KEY $USERNAME@$HOSTIP:.ssh/$PRIVATE_KEY
+
+echo "Deploying public key ($PUBLIC_KEY) to ($USERNAME@$HOSTIP) ..."
+scp $PUBLIC_KEY $USERNAME@$HOSTIP:.ssh/$PUBLIC_KEY
+
+echo "Done"
diff --git a/secrets/ssh-keys/id_quinto.gpg b/secrets/ssh-keys/id_quinto.gpg
new file mode 100644
index 0000000..3d66707
Binary files /dev/null and b/secrets/ssh-keys/id_quinto.gpg differ
diff --git a/secrets/ssh-keys/id_quinto.pub b/secrets/ssh-keys/id_quinto.pub
new file mode 100644
index 0000000..53d3989
--- /dev/null
+++ b/secrets/ssh-keys/id_quinto.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxgIT2+aoP+ZLMPupV8M0UwCLX6A3s+H6z3BJPCjJc0 marc@reykjavik
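Review bot: In secrets/secrets.nix the added `id-quinto` string appears to begin with a blank before `ssh-ed25519`, unlike the three host keys above it. If these strings are handed to age as recipients (the usual agenix arrangement), a leading blank may be rejected as an invalid recipient, and the failure would only show up when a secret is next encrypted or rekeyed for `quinto`. Write it as `id-quinto = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxgIT2+aoP+ZLMPupV8M0UwCLX6A3s+H6z3BJPCjJc0";`. The hunk ends inside `samfelag-hosts`, so whether `id-quinto` also needs to be listed there cannot be judged from these lines.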
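Review bot: In secrets/ssh-keys/deploy_keys.sh both `scp` lines expand prompt input unquoted, so a value containing whitespace or glob characters is split or expanded into extra arguments, and a username starting with `-` is read as an scp option. Quote the operands and end option parsing, e.g. `scp -- "$PRIVATE_KEY" "$USERNAME@$HOSTIP:.ssh/$PRIVATE_KEY"` (likewise for the public key), and use `read -r -p` so backslashes in the input are kept literally. The script also expects a decrypted `id_$HOSTNAME` in the working directory next to the committed `.gpg` file and never removes it; a header comment stating who decrypts and deletes it, or a `trap` that removes it on exit, would lower the chance of the plaintext private key being left behind or committed (no ignore rule is visible in this diff). `HOSTNAME` is a variable bash sets itself, so a name such as `TARGET_HOST` would avoid confusion.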