--- a/src/cmds/build_systems.rs
+++ b/src/cmds/build_systems.rs
@@ -47,7 +47,6 @@
 
 impl BuildSystems {
 	pub fn run(self, config: &Config) -> Result<()> {
-		println!("Build");
 		let hosts = config.list_hosts()?;
 
 		for host in hosts.iter() {
@@ -76,7 +75,6 @@
 				));
 
 			if let Some(builders) = &self.builders {
-				println!("Using builders: {}", builders);
 				nix_build.arg("--builders").arg(builders);
 			}
 			if let Some(jobs) = &self.jobs {
--- a/src/cmds/secrets/mod.rs
+++ b/src/cmds/secrets/mod.rs
@@ -56,14 +56,15 @@
 					let mut encryptor =
 						age::Encryptor::with_recipients(recipients).wrap_output(&mut encrypted)?;
 					io::copy(&mut Cursor::new(input), &mut encryptor)?;
-					ascii85::encode(&encrypted)
+					encryptor.finish()?;
+					encrypted
 				};
 
 				let mut data = config.data_mut();
-				if data.secret.contains_key(&name) && !force {
+				if data.secrets.contains_key(&name) && !force {
 					bail!("secret already defined");
 				}
-				data.secret.insert(
+				data.secrets.insert(
 					name,
 					FleetSecret {
 						owners: machines,
--- a/src/fleetdata.rs
+++ b/src/fleetdata.rs
@@ -1,5 +1,5 @@
 use chrono::{DateTime, Utc};
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Deserializer, Serialize, Serializer};
 use std::collections::BTreeMap;
 
 #[derive(Serialize, Deserialize, Default)]
@@ -16,7 +16,7 @@
 	pub hosts: BTreeMap<String, HostData>,
 	#[serde(default)]
 	#[serde(skip_serializing_if = "BTreeMap::is_empty")]
-	pub secret: BTreeMap<String, FleetSecret>,
+	pub secrets: BTreeMap<String, FleetSecret>,
 }
 
 #[derive(Serialize, Deserialize)]
@@ -28,5 +28,22 @@
 	pub expire_at: Option<DateTime<Utc>>,
 	#[serde(skip_serializing_if = "Option::is_none")]
 	pub public: Option<String>,
-	pub secret: String,
+	#[serde(serialize_with = "as_z85", deserialize_with = "from_z85")]
+	pub secret: Vec<u8>,
+}
+
+fn as_z85<S>(key: &[u8], serializer: S) -> Result<S::Ok, S::Error>
+where
+	S: Serializer,
+{
+	serializer.serialize_str(&z85::encode(&key))
+}
+
+fn from_z85<'de, D>(deserializer: D) -> Result<Vec<u8>, D::Error>
+where
+	D: Deserializer<'de>,
+{
+	use serde::de::Error;
+	String::deserialize(deserializer)
+		.and_then(|string| z85::decode(&string).map_err(|err| Error::custom(err.to_string())))
 }
--- a/src/host.rs
+++ b/src/host.rs
@@ -68,8 +68,6 @@
 		let mut str = self.directory.as_os_str().to_owned();
 		str.push("#");
 		str.push(attr_name);
-
-		println!("{:?}", str);
 		str
 	}