diff --git a/homeManagerModules/apps/backblaze/default.nix b/homeManagerModules/apps/backblaze/default.nix
new file mode 100644
index 00000000..0a5d7b59
--- /dev/null
+++ b/homeManagerModules/apps/backblaze/default.nix
@@ -0,0 +1,24 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.ar.home.apps.backblaze;
+in {
+  config = lib.mkIf cfg.enable {
+    home = {
+      activation.backblazeAuthentication = lib.hm.dag.entryAfter ["reloadSystemd"] ''
+        ${
+          if ((cfg.keyIdFile != null) && (cfg.keyFile != null))
+          then ''
+            XDG_RUNTIME_DIR=''${XDG_RUNTIME_DIR:-/run/user/$(id -u)}
+            run --quiet ${lib.getExe pkgs.backblaze-b2} authorize_account `${lib.getExe' pkgs.coreutils "cat"} ${cfg.keyIdFile}` `${lib.getExe' pkgs.coreutils "cat"} ${cfg.keyFile}`''
+          else ''run echo "backblaze: Missing keyIDfile and keyFile."''
+        }
+      '';
+
+      packages = with pkgs; [backblaze-b2];
+    };
+  };
+}
diff --git a/homeManagerModules/apps/default.nix b/homeManagerModules/apps/default.nix
index 1c648975..168284a8 100644
--- a/homeManagerModules/apps/default.nix
+++ b/homeManagerModules/apps/default.nix
@@ -6,6 +6,7 @@
 }: {
   imports = [
     ./alacritty
+    ./backblaze
     ./bash
     ./chromium
     ./emacs
diff --git a/homeManagerModules/options.nix b/homeManagerModules/options.nix
index 567d7f73..775d9f03 100644
--- a/homeManagerModules/options.nix
+++ b/homeManagerModules/options.nix
@@ -10,6 +10,23 @@ in {
   options.ar.home = {
     apps = {
       alacritty.enable = lib.mkEnableOption "Alacritty terminal.";
+
+      backblaze = {
+        enable = lib.mkEnableOption "Backblaze-b2 client with declarative authentication.";
+
+        keyIdFile = lib.mkOption {
+          description = "Backblaze key ID.";
+          default = null;
+          type = lib.types.nullOr lib.types.str;
+        };
+
+        keyFile = lib.mkOption {
+          description = "Backblaze application key.";
+          default = null;
+          type = lib.types.nullOr lib.types.str;
+        };
+      };
+
       bash.enable = lib.mkEnableOption "Bash defaults.";
 
       chromium = {
diff --git a/homes/aly/default.nix b/homes/aly/default.nix
index edea9240..79a4573a 100644
--- a/homes/aly/default.nix
+++ b/homes/aly/default.nix
@@ -31,7 +31,6 @@ in {
     };
 
     packages = [
-      pkgs.backblaze-b2
       pkgs.browsh
       pkgs.curl
       pkgs.fractal
@@ -84,6 +83,13 @@ in {
   ar.home = {
     apps = {
       alacritty.enable = true;
+
+      backblaze = {
+        enable = true;
+        keyIdFile = config.age.secrets.backblazeKeyId.path;
+        keyFile = config.age.secrets.backblazeKey.path;
+      };
+
       bash.enable = true;
       chromium.enable = true;
       emacs.enable = true;
diff --git a/hosts/mauville/home.nix b/hosts/mauville/home.nix
index 49a1bd7a..bb4bb1d3 100644
--- a/hosts/mauville/home.nix
+++ b/hosts/mauville/home.nix
@@ -17,12 +17,7 @@
       }
     ];
 
-    users.aly = lib.mkForce ({
-      config,
-      pkgs,
-      lib,
-      ...
-    }: {
+    users.aly = lib.mkForce {
       imports = [self.homeManagerModules.aly];
 
       systemd.user = {
@@ -30,12 +25,6 @@
           Unit.Description = "Backup to Backblaze.";
 
           Service.ExecStart = "${pkgs.writeShellScript "backblaze-sync" ''
-            # Authenticate with backblaze.
-            b2KeyId=`cat ${config.age.secrets.backblazeKeyId.path}`
-            b2Key=`cat ${config.age.secrets.backblazeKey.path}`
-
-            ${lib.getExe pkgs.backblaze-b2} authorize_account $b2KeyId $b2Key
-
             declare -A backups
             backups=(
               ['/home/aly/pics/camera']="b2://aly-camera"
@@ -63,6 +52,6 @@
           Unit.Description = "Daily backups to Backblaze.";
         };
       };
-    });
+    };
   };
 }