diff --git a/secrets.nix b/secrets.nix
index 417e9ba..ab40910 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -2,9 +2,11 @@ let
   keys = import common/ssh-keys.nix;
 
   commonKeys = {
-    global = [ keys.users.raito ];
-    lix = [ keys.users.jade ];
-    floral = [ keys.users.delroth ];
+    # WARNING: `keys.users.*` are *lists*, so you need concatenate them, don't put them into lists!
+    # Otherwise, agenix will be confused!
+    global = keys.users.raito;
+    lix = keys.users.hexchen ++ keys.users.jade;
+    floral = keys.users.delroth;
   };
 
   secrets = with keys; {
@@ -58,7 +60,7 @@ let
   mkSecretListFor = tenant:
     map (secretName: {
       name = "secrets/${tenant}/${secretName}.age";
-      value.publicKeys = secrets.${tenant}."${secretName}" ++ commonKeys.${tenant};
+      value.publicKeys = secrets.${tenant}."${secretName}" ++ commonKeys.global ++ commonKeys.${tenant};
     }) (builtins.attrNames secrets.${tenant});
 in
   builtins.listToAttrs (