diff --git a/config/modules/meta/secrets.nix b/config/modules/meta/secrets.nix
index edcfac2d..2f37036a 100644
--- a/config/modules/meta/secrets.nix
+++ b/config/modules/meta/secrets.nix
@@ -9,7 +9,7 @@ with lib;
         options.externalSecret = mkEnableOption "Is ths secret to be templated into a command provided?";
         config = mkIf config.externalSecret {
           type = "string";
-          value.shellCommand = "${tf.commandPrefix} ${escapeShellArg name}";
+          value.shellCommand = "${tf.commandPrefix} ${tf.folderPrefix}${tf.folderDivider}${escapeShellArg name}";
         };
       }));
     };
@@ -17,5 +17,13 @@ with lib;
       type = types.nullOr types.str;
       default = null;
     };
+    folderPrefix = mkOption {
+      type = types.str;
+      default = "";
+    };
+    folderDivider = mkOption {
+      type = types.str;
+      default = "";
+    };
   };
 }
diff --git a/config/targets/common/default.nix b/config/targets/common/default.nix
index d85ea39d..404b97fc 100644
--- a/config/targets/common/default.nix
+++ b/config/targets/common/default.nix
@@ -2,6 +2,8 @@
 
 {
   commandPrefix = "pass";
+  folderPrefix = "secrets";
+  folderDivider = "/";
 
   variables.hcloud_token = {
     type = "string";