diff --git a/hosts/pinwheel/modules/work/default.nix b/hosts/pinwheel/modules/work/default.nix
index 3732582..76efbc1 100644
--- a/hosts/pinwheel/modules/work/default.nix
+++ b/hosts/pinwheel/modules/work/default.nix
@@ -5,6 +5,11 @@ let
 in
 {
   home-manager.users.alex = {
+    home.sessionVariables = {
+      GITHUB_ACTOR="Alexander Heldt";
+      GITHUB_TOKEN="$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})";
+    };
+
     programs.git = lib.mkIf gitEnabled {
       includes = [
         {
@@ -39,6 +44,13 @@ in
       group = "users";
     };
 
+    "work-github-token" = lib.mkIf gitEnabled {
+      file = ../../../../secrets/pinwheel/work-github-token.age;
+      path = "/home/alex/code/work/.work-github-token";
+      owner = "alex";
+      group = "users";
+    };
+
     "work-staging-ovpn" = lib.mkIf openvpnEnabled {
       file = ../../../../secrets/pinwheel/work-staging-ovpn.age;
     };
diff --git a/secrets/pinwheel/work-github-token.age b/secrets/pinwheel/work-github-token.age
new file mode 100644
index 0000000..71eae54
Binary files /dev/null and b/secrets/pinwheel/work-github-token.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5871eaf..052dfb1 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -16,6 +16,7 @@ in {
   "pinwheel/alex.pinwheel-codeberg.org.pub.age".publicKeys = [ pinwheel alex ];
 
   "pinwheel/work-gitconfig.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/work-github-token.age".publicKeys = [ pinwheel alex ];
   "pinwheel/work-staging-ovpn.age".publicKeys = [ pinwheel alex ];
   "pinwheel/work-production-ovpn.age".publicKeys = [ pinwheel alex ];