diff --git a/templates/kubernetes/homelab-workspace/coder-agent.tf b/templates/kubernetes/homelab-workspace/coder-agent.tf
index 8f8138a2..4adccdbf 100644
--- a/templates/kubernetes/homelab-workspace/coder-agent.tf
+++ b/templates/kubernetes/homelab-workspace/coder-agent.tf
@@ -1,6 +1,8 @@
 resource "coder_agent" "main" {
-  arch = "amd64"
-  os   = "linux"
+  arch                    = "amd64"
+  os                      = "linux"
+  startup_script          = "/bin/bash --noprofile --norc /agent-startup.sh"
+  startup_script_behavior = "blocking"
 
   metadata {
     display_name = "CPU Usage"
diff --git a/templates/kubernetes/homelab-workspace/configmap.tf b/templates/kubernetes/homelab-workspace/configmap.tf
index c2a5996c..c7049244 100644
--- a/templates/kubernetes/homelab-workspace/configmap.tf
+++ b/templates/kubernetes/homelab-workspace/configmap.tf
@@ -8,6 +8,7 @@ resource "kubernetes_config_map" "workspace_scripts" {
   }
 
   data = {
+    agent_startup_script  = file("${path.cwd}/script-agent-startup.sh")
     system_update_script  = file("${path.cwd}/script-system-update.sh")
     workspace_init_script = coder_agent.main.init_script
   }
diff --git a/templates/kubernetes/homelab-workspace/main.tf b/templates/kubernetes/homelab-workspace/main.tf
index 5fa7361c..fa21cdb8 100644
--- a/templates/kubernetes/homelab-workspace/main.tf
+++ b/templates/kubernetes/homelab-workspace/main.tf
@@ -23,9 +23,9 @@ locals {
 
   workspace_secrets = {
     "github_auth_token"  = "${local.home_directory}/.secret/github_token"
-    "github_public_key"  = "${local.home_directory}/.ssh/id_ed25519.pub"
-    "github_private_key" = "${local.home_directory}/.ssh/id_ed25519"
-    "kubeconfig_nas"     = "${local.home_directory}/.kube/conf.d/nas"
-    "kubeconfig_homelab" = "${local.home_directory}/.kube/conf.d/homelab"
+    "github_public_key"  = "${local.home_directory}/.secret/id_ed25519.pub"
+    "github_private_key" = "${local.home_directory}/.secret/id_ed25519"
+    "kubeconfig_nas"     = "${local.home_directory}/.secret/kubeconfig_nas"
+    "kubeconfig_homelab" = "${local.home_directory}/.secret/kubeconfig_homelab"
   }
 }
diff --git a/templates/kubernetes/homelab-workspace/script-agent-startup.sh b/templates/kubernetes/homelab-workspace/script-agent-startup.sh
new file mode 100644
index 00000000..c038918c
--- /dev/null
+++ b/templates/kubernetes/homelab-workspace/script-agent-startup.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -eo pipefail
+
+
+main() {
+  echo '------------------------------------------------------------'
+  echo 'Re-locating secrets from mounted location to their destinations...'
+  if [[ ! -f $HOME/.ssh/id_ed25519 ]]; then
+    if [[ -f $HOME/.secret/id_ed25519 ]]; then
+      mkdir -p $HOME/.ssh
+      cp $HOME/.secret/id_ed25519* $HOME/.ssh/
+      chmod 600 $HOME/.ssh/id_*
+    fi
+  fi
+
+  if [[ ! -d $HOME/.kube/conf.d ]]; then
+    mkdir -p $HOME/.kube/conf.d
+    if [[ -f $HOME/.secret/kubeconfig_homelab ]]; then
+      cp $HOME/.secret/kubeconfig_* $HOME/.kube/conf.d/
+      chmod 600 $HOME/.kube/conf.d/kubeconfig_*
+    fi
+  fi
+  echo '------------------------------------------------------------'
+  echo 'Done'
+}
+
+main