diff --git a/nixos/secrets.nix b/nixos/secrets.nix
index 320787ba..3d47525e 100644
--- a/nixos/secrets.nix
+++ b/nixos/secrets.nix
@@ -11,11 +11,16 @@
       Unit = {
         Description = "Import GPG private key";
         After = [ "agenix.service" ];
+        # 3 total retries
+        StartLimitIntervalSec = 0;
+        StartLimitBurst = 3;
       };
 
       Install.WantedBy = [ "default.target" ];
       Service = {
         Type = "oneshot";
+        RestartSec = 5;
+        Restart = "onfailure";
         ExecStart =
           let path = config.age.secrets.gpg-keys.path;
           in "${pkgs.gnupg}/bin/gpg --batch --import ${path}";