diff --git a/backup-secrets b/backup-secrets
new file mode 100755
index 0000000..bbc21ef
--- /dev/null
+++ b/backup-secrets
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# get the hostname
+hostname=$(uname -n)
+
+# Create a temporary directory
+temp_dir=$(mktemp -d)
+
+# Export GPG secret keys and revocation certificates
+mkdir -p "$temp_dir/${hostname}-auth-bak/gpg"
+gpg --list-secret-keys --keyid-format LONG | grep sec | awk '{print $2}' | cut -d'/' -f2 | while read -r keyid; do
+    gpg --export-secret-keys --armor "$keyid" > "$temp_dir/${hostname}-auth-bak/gpg/secret-$keyid.asc"
+    gpg --gen-revoke --output "$temp_dir/${hostname}-auth-bak/gpg/revoke-$keyid.asc" "$keyid"
+done
+
+# Backup SSH keys
+mkdir -p "$temp_dir/${hostname}-auth-bak/ssh"
+for key_type in rsa dsa ecdsa ed25519; do
+    if [ -f "$HOME/.ssh/id_$key_type" ]; then
+        cp "$HOME/.ssh/id_$key_type" "$HOME/.ssh/id_$key_type.pub" "$temp_dir/${hostname}-auth-bak/ssh/"
+    fi
+done
+
+# Create the archive
+tar czf "${hostname}-auth-bak-$(date +%Y-%m-%d).tgz" -C "$temp_dir/${hostname}-auth-bak" .
+
+# Clean up
+rm -rf "$temp_dir"
+
+echo "Backup completed: $hostname-auth-bak-$(date +%Y-%m-%d).tgz"