diff --git a/terraform/vault/secrets.tf b/terraform/vault/secrets.tf
index 4ac9ec8..e461a37 100644
--- a/terraform/vault/secrets.tf
+++ b/terraform/vault/secrets.tf
@@ -107,6 +107,12 @@ locals {
       data          = { nkey = var.homelab_deploy_scheduler_nkey }
     }
 
+    # Garage S3 environment (RPC secret + admin token)
+    "hosts/garage01/garage" = {
+      auto_generate = false
+      data          = { env = var.garage_env }
+    }
+
     # Kanidm idm_admin password
     "kanidm/idm-admin-password" = {
       auto_generate   = true
diff --git a/terraform/vault/variables.tf b/terraform/vault/variables.tf
index a0ea1a3..7aae456 100644
--- a/terraform/vault/variables.tf
+++ b/terraform/vault/variables.tf
@@ -88,6 +88,13 @@ variable "nixos_exporter_nkey" {
   sensitive   = true
 }
 
+variable "garage_env" {
+  description = "Garage environment file contents (GARAGE_RPC_SECRET and GARAGE_ADMIN_TOKEN)"
+  type        = string
+  default     = "PLACEHOLDER"
+  sensitive   = true
+}
+
 variable "radarr_api_key" {
   description = "Radarr API key for exportarr metrics"
   type        = string