diff --git a/example/passwordfile-user1.age b/example/passwordfile-user1.age
new file mode 100644
index 0000000..de43bf4
--- /dev/null
+++ b/example/passwordfile-user1.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1 +-> ssh-ed25519 KLPP8w s1DYZRlZuSsyhmZCF1lFB+E9vB8bZ/+ZhBRlx8nprwE +nmYVCsVBrX2CFXXPU+D+bbkkIe/foofp+xoUrg9DHZw +-> ssh-ed25519 V3XmEA Pwv3oCwcY0DX8rY48UNfsj9RumWsn4dbgorYHCwObgI +FKxRYkL3JHtJxUwymWDF0rAtJ33BivDI6IfPsfumM90 +-> V'v(/u$-grease em/Vgf 2qDuk +7I3iiQLPGi1COML9u/JeYkr7EqbSLoU +--- 57WJRigUGtmcObrssS3s4PvmR8wgh1AOC/ijJn1s3xI +'KƷY&7GOFjkXBnuJ:9(X#Aڧj,_?ZvV96]oks~%c e^C%JQ5<Hz}C,p*!WA҅dCK)-y \ No newline at end of file
diff --git a/example/secrets.nix b/example/secrets.nix
index 8896b56..3bdac11 100644
--- a/example/secrets.nix
+++ b/example/secrets.nix
@@ -5,4 +5,5 @@ in {
 "secret1.age".publicKeys = [ user1 system1 ];
 "secret2.age".publicKeys = [ user1 ];
+ "passwordfile-user1.age".publicKeys = [ user1 system1 ];
 }
diff --git a/test/install_ssh_host_keys.nix b/test/install_ssh_host_keys.nix
new file mode 100644
index 0000000..028845b
--- /dev/null
+++ b/test/install_ssh_host_keys.nix
@@ -0,0 +1,15 @@
+# Do not copy this! It is insecure. This is only okay because we are testing.
+{
+ system.activationScripts.agenixRoot.deps = [ "installSSHHostKeys" ];
+
+ system.activationScripts.installSSHHostKeys.text = ''
+ mkdir -p /etc/ssh
+ (umask u=rw,g=r,o=r; cp ${../example_keys/system1.pub} /etc/ssh/ssh_host_ed25519_key.pub)
+ (
+ umask u=rw,g=,o=
+ cp ${../example_keys/system1} /etc/ssh/ssh_host_ed25519_key
+ touch /etc/ssh/ssh_host_rsa_key
+ )
+
+ '';
+}
diff --git a/test/integration.nix b/test/integration.nix
new file mode 100644
index 0000000..8bb234a
--- /dev/null
+++ b/test/integration.nix
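Review bot: The `touch /etc/ssh/ssh_host_rsa_key` line in installSSHHostKeys (test/install_ssh_host_keys.nix) creates an empty 0600 file with no explanation, and the reason is not recoverable from the hunk. Presumably it exists so that the openssh module's key-generation step does not create a host key that is not among the secret's recipients, but that is my reading, not something the page shows; a comment such as `# placeholder so sshd's key generation leaves only the ed25519 key above — confirm against the openssh module` would stop a later cleanup from deleting it. The ordering also relies on the agenix module exposing an activation script named `agenixRoot`, which is defined in modules/age.nix outside this diff; a one-line comment naming that coupling would make the test fail loudly rather than silently lose its ordering if the script is ever renamed.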
@@ -0,0 +1,58 @@
+{
+nixpkgs ? ,
+pkgs ? import { inherit system; config = {}; },
+system ? builtins.currentSystem
+} @args:
+
+import "${nixpkgs}/nixos/tests/make-test-python.nix" ({ pkgs, ...}: {
+ name = "agenix-integration";
+
+ nodes.system1 = { config, lib, ... }: {
+
+ imports = [
+ ../modules/age.nix
+ ./install_ssh_host_keys.nix
+ ];
+
+ services.openssh.enable = true;
+
+ age.secrets.passwordfile-user1 = {
+ file = ../example/passwordfile-user1.age;
+ };
+
+ users = {
+ mutableUsers = false;
+
+ users = {
+ user1 = {
+ isNormalUser = true;
+ passwordFile = config.age.secrets.passwordfile-user1.path;
+ };
+ };
+ };
+
+ };
+
+ testScript =
+ let
+ user = "user1";
+ password = "password1234";
+ in ''
+ system1.wait_for_unit("multi-user.target")
+ system1.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
+ system1.sleep(2)
+ system1.send_key("alt-f2")
+ system1.wait_until_succeeds(f"[ $(fgconsole) = 2 ]")
+ system1.wait_for_unit(f"getty@tty2.service")
+ system1.wait_until_succeeds(f"pgrep -f 'agetty.*tty2'")
+ system1.wait_until_tty_matches(2, "login: ")
+ system1.send_chars("${user}\n")
+ system1.wait_until_tty_matches(2, "login: ${user}")
+ system1.wait_until_succeeds("pgrep login")
+ system1.sleep(2)
+ system1.send_chars("${password}\n")
+ system1.send_chars("whoami > /tmp/1\n")
+ system1.wait_for_file("/tmp/1")
+ assert "${user}" in system1.succeed("cat /tmp/1")
+ '';
+}) args
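Review bot: The final three lines of testScript race: the shell creates and truncates /tmp/1 before `whoami` has written to it, `wait_for_file` returns as soon as the path exists, so `cat /tmp/1` can read an empty file and the assert fails intermittently. Writing to a temporary name and renaming makes the file appear only once complete, `system1.send_chars("whoami > /tmp/1.tmp && mv /tmp/1.tmp /tmp/1\n")`, or alternatively replace the wait-then-cat pair with `system1.wait_until_succeeds("grep -q '${user}' /tmp/1")`. As a point of style, `f"getty@tty2.service"` and the neighbouring f-strings contain no placeholders and can be plain string literals, and the `lib` binding on the nodes.system1 module is unused.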