diff --git a/maskiner/core/configuration.nix b/maskiner/core/configuration.nix
index d3a2376..c9775f0 100644
--- a/maskiner/core/configuration.nix
+++ b/maskiner/core/configuration.nix
@@ -56,6 +56,11 @@ in
 sops.secrets.build-service = { };
 sops.secrets.fredrik-wastring = { };
 sops.secrets.fw-qemu = { };
+ sops.secrets.fleet-enroll-secret = {
+ owner = "root";
+ group = "root";
+ mode = "0400";
+ };
 sops.secrets.github_token = {
 owner = "fw";
 group = "users";
@@ -69,6 +74,39 @@ in
 environment.systemPackages = [ pkgs.cifs-utils ];
+ systemd.services.fleet-osquery = {
+ description = "osquery enrolled to Fleet";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = "5s";
+ StateDirectory = "osquery";
+ RuntimeDirectory = "osquery";
+
+ ExecStart = ''
+ ${pkgs.osquery}/bin/osqueryd \
+ --host_identifier=uuid \
+ --pidfile=/run/osquery/osqueryd.pid \
+ --extensions_socket=/run/osquery/osquery.em \
+ --database_path=/var/lib/osquery/osquery.db \
+ --enroll_tls_endpoint=/api/osquery/enroll \
+ --config_plugin=tls \
+ --config_tls_endpoint=/api/osquery/config \
+ --logger_plugin=tls \
+ --logger_tls_endpoint=/api/osquery/log \
+ --distributed_plugin=tls \
+ --distributed_tls_read_endpoint=/api/osquery/distributed/read \
+ --distributed_tls_write_endpoint=/api/osquery/distributed/write \
+ --tls_hostname=fleet.internalifacts.se:443 \
+ --enroll_secret_path=${config.sops.secrets.fleet-enroll-secret.path} \
+ --tls_server_certs=/etc/ssl/certs/ca-certificates.crt
+ '';
+ };
+ };
+
 fileSystems."/mnt/testweb/C" = {
 device = "//192.168.0.226/C$";
 fsType = "cifs";
diff --git a/moduler/fish.nix b/moduler/fish.nix
index fd212a1..286e943 100644
--- a/moduler/fish.nix
+++ b/moduler/fish.nix
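Review bot: The new fleet-osquery unit runs osqueryd as root (no `User=` in `serviceConfig`) while taking its configuration and live queries from the server via `--config_plugin=tls` and `--distributed_plugin=tls`, so anyone who can schedule a query in Fleet at fleet.internalifacts.se effectively has root-level read access to this host; that trust boundary deserves a comment above `systemd.services.fleet-osquery`, e.g. `# Config and live queries come from Fleet; osqueryd runs as root, so whoever administers the Fleet server can read anything on this machine.` Related, `--tls_server_certs=/etc/ssl/certs/ca-certificates.crt` trusts every CA in the system bundle for the enrollment and query endpoints; if Fleet is served under an internal CA, pointing this flag at that single CA file narrows the trust to it. Since `StateDirectory` and `RuntimeDirectory` already cover everything the flags write to (`--database_path`, `--pidfile`, `--extensions_socket`), `ProtectSystem = "strict";` and `NoNewPrivileges = true;` in `serviceConfig` look like cheap additional hardening, though that should be confirmed against the tables you actually schedule.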
@@ -118,9 +118,11 @@ in
 set -gx PATH $PATH $HOME/scripts
 set -gx PATH $PATH $HOME/.krew/bin
+
 if not set -q SSH_AUTH_SOCK
 eval (ssh-agent -c)
 ssh-add ~/.ssh/id_ed25519 >/dev/null 2>&1
+ set SSH_AUTH_SOCK /home/fw/.bitwarden-ssh-agent.sock
 end
 set -Ux FZF_DEFAULT_OPTS "${fzfOpts}"
diff --git a/moduler/programs.nix b/moduler/programs.nix
index 4b306cc..56a7f38 100644
--- a/moduler/programs.nix
+++ b/moduler/programs.nix
@@ -77,6 +77,8 @@ go-passbolt-cli
 wf-recorder
 slurp
+ bitwarden-desktop
+ bitwarden-cli
 dbeaver-bin
diff --git a/secrets/sops.yaml b/secrets/sops.yaml
index 0561cf7..dca72c9 100644
--- a/secrets/sops.yaml
+++ b/secrets/sops.yaml
@@ -14,6 +14,7 @@ fredrik-wastring: ENC[AES256_GCM,data:TQSjO/GGErorK1VwTUXU40o+8z8vh3OM01ErmmHnmp
 fw-qemu: ENC[AES256_GCM,data:TxbilLf79+gieY3WbAGl175aTUVjIc6rlKfYTy8Usmw=,iv:WCvfZctBVCSPwoCXMDoSroNt+kakGke5r0pFOSAMPgo=,tag:qY0HxicfypO15CozZ2fcoQ==,type:str]
 github_token: ENC[AES256_GCM,data:E8j5K2U8UvTpZtsWIm55dvvSxmZjDY15lYeXGuKnPuq1fRyb5HolEQ==,iv:tqODZ4Y247D4DhmC3z7XEq/2K2JsU76p1hxYkYiql9E=,tag:iYithxJyO/GKvKwwh4BDlA==,type:str]
 grafana_token: ENC[AES256_GCM,data:yAUqBV2/IF/wkyutHhf1Ui/xxRIt+SgsUk7QmdcnYa+x5KC8G1ifdcxJjPJvyQ==,iv:dGk6AfadwajDbFzTteCeyNIpwWRwdJbNwjGSlrmhaBU=,tag:svCcQo96PGFXu+MVsmn1HQ==,type:str]
+fleet-enroll-secret: ENC[AES256_GCM,data:2DEmgzsYvWZas65HLE4PaxZ3h7L4Gw8esVirZYrzCik=,iv:9t6ET8QnPLIl0Pnn9r24btF7VUQnRr3ukRH0oVsgIrg=,tag:mQ0yxEhx72L71DB36cfMew==,type:str]
 sops:
 age:
 - recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
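Review bot: The added `set SSH_AUTH_SOCK /home/fw/.bitwarden-ssh-agent.sock` comes after `eval (ssh-agent -c)` and `ssh-add ~/.ssh/id_ed25519`, so every shell that enters this branch still forks an ssh-agent, loads the decrypted private key into it, and then points SSH_AUTH_SOCK elsewhere — the agent holding the key is orphaned and never used, one per login. If the Bitwarden agent is meant to replace the local one, the spawn and ssh-add should go, and the override should only happen when the socket actually exists so ssh keeps working while the desktop app is not running; `/home/fw` should also be `$HOME` like the PATH lines above, and the variable should be set with `-gx` rather than relying on the exported global that the eval line happened to create. Something like the following keeps the local agent as the fallback. The `if` block is complete within the hunk; the surrounding fish config string continues outside it.

```fish
if not set -q SSH_AUTH_SOCK
    if test -S $HOME/.bitwarden-ssh-agent.sock
        # Bitwarden desktop is running: use its agent instead of a local one
        set -gx SSH_AUTH_SOCK $HOME/.bitwarden-ssh-agent.sock
    else
        # Fallback: local agent with the on-disk key
        eval (ssh-agent -c)
        ssh-add ~/.ssh/id_ed25519 >/dev/null 2>&1
    end
end
```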
@@ -61,7 +62,7 @@ sops:
 dFZ3T3VUeHVnVThadHVQaVJCNkdZeDQK99L7CbBbklUUtanyFIOiCzO3hZP1mh3z
 ZZhhr6BCcHBbqzLaRLbT27BTCoNuGsXxyzW6tpXYacYuITkcFq9bOQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2026-03-12T14:47:05Z"
- mac: ENC[AES256_GCM,data:+v483ag0f3VorJB0zd6M+mFt3sM7NtDMmRzvH8aLcaoo78/WIHBWFHPSBYBSaXFsm7LYdfA3TpEkuazOzeaiShSMk4AM+g1OB/j6ulzo0jzKg/milD7VAhHYbVCL85IRUHL1It478AukcHAIkFBItzbz7pUNLyESSY14g165iLQ=,iv:nOi9uiAoSS0O0YgvKCPH1kYG8Jfl8gwqDZEULbnG1Bw=,tag:v3u+Z0EQ4qLNWsjoZYzT/Q==,type:str]
+ lastmodified: "2026-03-17T09:44:56Z"
+ mac: ENC[AES256_GCM,data:MX3xARncq/j17K5gtmGRi9E4LEOFDeoinahJ0o0AxECjdQYUndtlIMe+0/BfL2GIemhNaiHsQydjE4TrORgl/RGMcHj/gYy9EvY/m0E7gtSoWpxN5FOdavCQ4jcgRRxYj1mDdTuaS7VksWd+9XZMJh7ScmHlMI8PWdnTessd6Mk=,iv:GxuMN1Vt2fEBs/WrD4BvJlUIiGiHppZfzHU8NRB/4DA=,tag:OnHU8MnyLtclBCWKwribAQ==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.12.0