diff --git a/module/default.nix b/module/default.nix
index 178054f..440208f 100644
--- a/module/default.nix
+++ b/module/default.nix
@@ -27,7 +27,7 @@ let
   ) "`systemd.sysusers` or `services.userborn` must be enabled.";
 
   settingsType = types.submodule (
-    { config, ... }:
+    submod:
     {
       options = {
 
@@ -51,6 +51,15 @@ let
           '';
         };
 
+        hostIdentifier = mkOption {
+          type = types.str;
+          default = config.networking.hostName;
+          readOnly = true;
+          description = ''
+            Host identifier
+          '';
+        };
+
         decryptedMountPoint = mkOption {
           type =
             types.addCheck types.str (
diff --git a/src/cmd/renc.rs b/src/cmd/renc.rs
index 670be84..a9b43bb 100644
--- a/src/cmd/renc.rs
+++ b/src/cmd/renc.rs
@@ -235,6 +235,7 @@ impl Profile {
             let renc_path = {
                 let mut p = PathBuf::from_str(SEC_DIR)?;
                 p.push("renced");
+                p.push(self.settings.host_identifier.clone());
                 p
             };
             if !renc_path.exists() {
diff --git a/src/profile.rs b/src/profile.rs
index 5410f29..64957f3 100644
--- a/src/profile.rs
+++ b/src/profile.rs
@@ -26,6 +26,7 @@ pub struct Secret {
 pub struct Settings {
     pub decrypted_dir: String,
     pub decrypted_mount_point: String,
+    pub host_identifier: String,
     pub extraEncryption_pubkeys: Vec<String>,
     pub host_pubkey: String,
     pub storage_dir: String,