diff --git a/configuration.nix b/configuration.nix
index e71ea65..8678af8 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -77,7 +77,10 @@
     # Jellyfin media server
     jellyfin.enable = true;
     # Matrix backend and Element chat front-end
-    matrix.enable = true;
+    matrix = {
+      enable = true;
+      secret = lib.fileContents ./secrets/matrix/secret.txt;
+    };
     # The whole *arr software suite
     pirate.enable = true;
     # Usenet client
diff --git a/secrets/matrix/secret.txt b/secrets/matrix/secret.txt
new file mode 100644
index 0000000..ce64730
Binary files /dev/null and b/secrets/matrix/secret.txt differ
diff --git a/services/matrix.nix b/services/matrix.nix
index 965e303..f6782e8 100644
--- a/services/matrix.nix
+++ b/services/matrix.nix
@@ -16,8 +16,13 @@ let
   domain = config.networking.domain;
 in
 {
-  options.my.services.matrix = {
-    enable = lib.mkEnableOption "Matrix Synapse";
+  options.my.services.matrix = with lib; {
+    enable = mkEnableOption "Matrix Synapse";
+    secret = mkOption {
+      type = types.str;
+      example = "deadbeef";
+      description = "Shared secret to register users";
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -45,6 +50,8 @@ in
       server_name = domain;
       public_baseurl = "https://matrix.${domain}";
 
+      registration_shared_secret = cfg.secret;
+
       listeners = [
         # Federation
         {