diff --git a/pki/syncthing/solo.cert b/pki/syncthing/solo.cert
new file mode 100644
index 0000000..8a85a2b
--- /dev/null
+++ b/pki/syncthing/solo.cert
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBoDCCAVKgAwIBAgIJAKTDW3t4qGfwMAUGAytlcDBKMRIwEAYDVQQKEwlTeW5j
+dGhpbmcxIDAeBgNVBAsTF0F1dG9tYXRpY2FsbHkgR2VuZXJhdGVkMRIwEAYDVQQD
+EwlzeW5jdGhpbmcwHhcNMjUxMjMwMDAwMDAwWhcNNDUxMjI1MDAwMDAwWjBKMRIw
+EAYDVQQKEwlTeW5jdGhpbmcxIDAeBgNVBAsTF0F1dG9tYXRpY2FsbHkgR2VuZXJh
+dGVkMRIwEAYDVQQDEwlzeW5jdGhpbmcwKjAFBgMrZXADIQDwc6IDr9yIEOTEt0Zy
+jVx8lnKcJ+hmkpF1ECYNrqkVRKNVMFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
+MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
+CXN5bmN0aGluZzAFBgMrZXADQQAHx/XBdRkXx8Da1qC1YyHd3mBlpP3EzwolNLEy
+36SuBYtik5qkf9/mLUTcxoobXNSLslZCU763HI54803qMwEG
+-----END CERTIFICATE-----
diff --git a/secrets/syncthing/solo.age b/secrets/syncthing/solo.age
new file mode 100644
index 0000000..901be70
Binary files /dev/null and b/secrets/syncthing/solo.age differ
diff --git a/var/syncthing-managed-clients.json b/var/syncthing-managed-clients.json
index b7b0419..cfb71d1 100644
--- a/var/syncthing-managed-clients.json
+++ b/var/syncthing-managed-clients.json
@@ -2,11 +2,13 @@
   "managed_clients": [
     "fw",
     "roam",
-    "c2"
+    "c2",
+    "solo"
   ],
   "hashes": {
     "fw": "YZGGXOT-MPFD7O4-ACLGOGT-LIMZVD3-7JBSZZR-LFCFWQL-BLO435I-LLH6GAL",
     "roam": "HMB7ZRF-OODFHHW-2QCIFFJ-M7COVK5-YUB3GKT-SI56D2U-CPTTJEP-R3ZKOQ7",
-    "c2": "PQUPFUD-S7ZKSTU-WDV5KXV-O7QYJNT-4MUEBG3-U577XAV-ITUKVJE-6IZEJAQ"
+    "c2": "PQUPFUD-S7ZKSTU-WDV5KXV-O7QYJNT-4MUEBG3-U577XAV-ITUKVJE-6IZEJAQ",
+    "solo": "GFXORW2-TTT6OO4-ZTFOTID-AMKNQM7-CHXLDN2-HCTAC7S-IM3OUWH-WSRI5A4"
   }
 }
diff --git a/var/syncthing.nix b/var/syncthing.nix
index e4cd69a..6604b69 100644
--- a/var/syncthing.nix
+++ b/var/syncthing.nix
@@ -6,8 +6,8 @@ let
   };
 in
 assert (
-  lib.assertMsg (
-    builtins.attrNames hashes == managed_clients
+  lib.assertMsg (lib.all (c: lib.elem c (builtins.attrNames hashes))
+    managed_clients
   ) "Not all declaratively configured syncthing clients have keys. Rerun ./bin/gen-syncthing-cert"
 );
 assert (