diff --git a/modules/hosts/soteria/soteria.nix b/modules/hosts/soteria/soteria.nix
index 83c3d5c..92734cb 100644
--- a/modules/hosts/soteria/soteria.nix
+++ b/modules/hosts/soteria/soteria.nix
@@ -2,7 +2,6 @@
 let
 username = "john";
 hostname = "soteria";
- caURL = "https://janus.john-stream.com/";
 in
 {
 flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
@@ -85,7 +84,22 @@ in
 home.homeDirectory = "/home/${username}";
 shell.program = "zsh";
+ home.file.".step/config/defaults.json".text = builtins.toJSON {
+ "ca-url" = "https://janus.john-stream.com/";
+ fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
+ root = "${config.home.homeDirectory}/.step/certs/root_ca.crt";
+ };
+ mysops.hostSecretFile = "${config.xdg.configHome}/home-manager/modules/hosts/soteria/secrets.yaml";
+ mtls = {
+ enable = true;
+ subject = hostname;
+ caURL = "https://janus.john-stream.com/";
+ san = [
+ "${hostname}.john-stream.com"
+ "192.168.1.142"
+ ];
+ };
 };
 flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {
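Review bot: The CA URL now appears as two separate literals in the second hunk, `"ca-url"` in the step `defaults.json` and `mtls.caURL`, while the first hunk deletes the `caURL` binding from the `let` that could have fed both. The pinned `fingerprint` only makes sense for the CA behind that URL, so an edit to one literal would leave the step client defaults and the mtls module pointing at different CAs with no evaluation error. I would keep `caURL = "https://janus.john-stream.com/";` in the `let` and write `"ca-url" = caURL;` and `inherit caURL;` in the two attribute sets. A comment above `fingerprint` such as `# root CA certificate fingerprint; must match the file at root` would help, since nothing in the visible lines installs the file that `root` points to. The enclosing attribute set starts outside the hunk.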