diff --git a/pkgs/adam-site/default.nix b/pkgs/adam-site/default.nix
index b56243c..025941d 100644
--- a/pkgs/adam-site/default.nix
+++ b/pkgs/adam-site/default.nix
@@ -6,9 +6,9 @@ buildNpmPackage rec {
   src = fetchGit {
     url = "git@github.com:oberprofis/adams.git";
     ref = "main";
-    rev = "68fa8392335a462634d4bb886344762592c8d566";
+    rev = "95d7f5d21f129949c75bd23ee5edbf84595ceec3";
   };
-  npmDepsHash="sha256-ULxOaEpa2+YS45kh+2xCZMqXQs5bMYhy7J08DsFYE+s=";
+  npmDepsHash="sha256-PRFHBlVIdHfATAAKVKax+bY4o+9czdfl7HjFnKk4KtI=";
   installPhase = ''
     mkdir -p $out
     cp -r ./dist/adams-site/* $out
diff --git a/secrets/adminarea.age b/secrets/adminarea.age
new file mode 100644
index 0000000..2c9c8d5
--- /dev/null
+++ b/secrets/adminarea.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 bqM3xA Y42xefWKGT6S7hVhvXEVOygSFfJj2N+Hgq5C4w+YGgQ
+DNOblrNet6mE+cYe6bCehdJB++t/yXn6i6PU9oMg8Y8
+-> ssh-ed25519 DCzi1A jkOZ2PwpkqFpQwtEwIPU1N5jeUySAMVNc56a06CM+w0
+LApR3u9D3+v5F6NHLVr8MSAM8aYSYMwOBlY8UXnyYfw
+--- o3Gzah0R4s3bKF77NH2HbuePX6odQ4Tt1xXh4FM5lh8
+°È{îûä¹‘D0Ç/s&iCM‘È®ˆç³îçÄ~àX¤ö¸
+­Z–h+™ g1ÄYÐ6	kišËP¡má…¦JV ò(Œ£]9;+Óü%‰µ‚ƒúüQDÏ¦*·²¬3ÍÎ7ô¡º‚þÁŸ
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 70a3c26..3729efc 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -32,5 +32,6 @@ in
   "stash-auth.age".publicKeys = [ mini-pc mini-pc-proxmox server kop ];
   "plausible-admin.age".publicKeys = [ adam-site kop ];
   "plausible-keybase.age".publicKeys = [ adam-site kop ];
+  "adminarea.age".publicKeys = [ adam-site kop ];
   "radicale.age".publicKeys = [ mini-pc mini-pc-proxmox kop ];
 }
diff --git a/systems/adam-site/configuration.nix b/systems/adam-site/configuration.nix
index 8f7a344..f6e01c6 100644
--- a/systems/adam-site/configuration.nix
+++ b/systems/adam-site/configuration.nix
@@ -18,6 +18,11 @@
     nix = { settings.enable = true; };
   };
 
+  age.secrets.stash-auth = {
+    file = ../../secrets/adminarea.age;
+    owner = "nginx";
+  };
+
   services.nginx = {
     enable = true;
 
@@ -33,7 +38,17 @@
       "imbissaggsbachdorf.at" = {
         forceSSL = true;
         enableACME = true;
-        locations."/".proxyPass = "http://127.0.0.1:4000";
+        locations = {
+          "/".proxyPass = "http://127.0.0.1:4000";
+          "/admin" = {
+            basicAuthFile = config.age.secrets.stash-auth.path;
+            proxyPass = "http://127.0.0.1:4000";
+          };
+          "/api/admin" = {
+            basicAuthFile = config.age.secrets.stash-auth.path;
+            proxyPass = "http://127.0.0.1:4000";
+          };
+        };
       };
       "plausible.imbissaggsbachdorf.at" = {
         forceSSL = true;