diff --git a/.sops.yaml b/.sops.yaml
index eab1515..2719031 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,11 +1,18 @@
 keys:
-  - &primary age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
+  - &user age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
+  - &oparic-local-dev age1mgxmpfpy6qg374kyq66cc5yw68qfw0mlk89rcdy3lkzw9q93jvwqg73395
+# 按 GPT 的说法, 要想不踩坑, 就绝对不要用宽泛的匹配规则
 creation_rules:
-  - path_regex: secrets/ssh-config.yaml$
+  - path_regex: ^secrets/ssh-config\.yaml$
     key_groups:
       - age:
-          - *primary
-  - path_regex: secrets/ssh-private.yaml$
+          - *user
+  - path_regex: ^secrets/ssh-private\.yaml$
     key_groups:
       - age:
-          - *primary
+          - *user
+  - path_regex: ^secrets/hosts/oparic-local-dev\.yaml$
+    key_groups:
+      - age:
+          - *user
+          - *oparic-local-dev