diff --git a/ansible/plays/services/minio/docker-compose.yaml b/ansible/plays/services/minio/docker-compose.yaml
index 8cb29af..aee1625 100644
--- a/ansible/plays/services/minio/docker-compose.yaml
+++ b/ansible/plays/services/minio/docker-compose.yaml
@@ -14,6 +14,7 @@ services:
       - "MINIO_ROOT_PASSWORD={{ minio.password | mandatory }}"
       - "MINIO_SERVER_URL=https://${MINIO_URL}"
       - "MINIO_BROWSER_REDIRECT_URL=https://${DASHBOARD_URL}"
+      - "MINIO_KMS_SECRET_KEY=kms-key:{{ lookup('env', 'MINIO_KMS_SECRET_KEY') }}"
     volumes:
       - data:/data
     labels:
diff --git a/ansible/secrets.yml b/ansible/secrets.yml
index 0396b45..0b9e792 100644
--- a/ansible/secrets.yml
+++ b/ansible/secrets.yml
@@ -1,5 +1,6 @@
 ---
 ANSIBLE_VAULT_PASSWORD_FILE: !file:var ansible/vault
+MINIO_KMS_SECRET_KEY: !var minio/kms_secret_key
 SSH_KEY_thonkpad_ka_chaoswg_org: !var:file machine/thonkpad.ka.chaoswg.org/ssh_key
 SSH_KEY_host_nc_chaoswg_org: !var:file machine/host.nc.chaoswg.org/ssh_key
 SSH_KEY_mon1_hel1_chaoswg_org: !var:file machine/mon1.hel1.chaoswg.org/ssh_key