diff --git a/modules/nixos/sops.nix b/modules/nixos/sops.nix
index 4add3a9..760fceb 100644
--- a/modules/nixos/sops.nix
+++ b/modules/nixos/sops.nix
@@ -34,5 +34,13 @@ in
 ];
 defaultSopsFile = cfg.secretsFile;
 };
+
+ assertions =
+ config.sops.secrets
+ |> lib.attrNames
+ |> lib.map (secretPath: {
+ assertion = cfg.secrets |> lib.hasAttrByPath (secretPath |> lib.splitString "/");
+ message = "Sops secret `${secretPath}` must be defined in secrets.json";
+ });
 };
 }
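Review bot: The assertion looks each secret up by its attribute name from `lib.attrNames config.sops.secrets`, but sops-nix resolves a secret through its `key` option (which only defaults to the name) and its own `sopsFile`, so a secret with an overridden `key` or a non-default `sopsFile` is checked against the wrong path or the wrong file. Iterating over `lib.attrValues config.sops.secrets`, keeping only entries where `secret.sopsFile == cfg.secretsFile`, and testing `lib.hasAttrByPath (secret.key |> lib.splitString "/")` would check the path that is actually decrypted at activation. `hasAttrByPath` also succeeds when the path ends on an intermediate attribute set rather than a leaf value, so a mistyped parent path still passes the build-time check. The message hard-codes `secrets.json` although the file comes from `cfg.secretsFile`, and how `cfg.secrets` is derived is outside this hunk, so confirm it is read from that same file. The enclosing attribute set starts before the hunk.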