diff --git a/security/default.nix b/security/default.nix
index 5bc848d..ce5606c 100644
--- a/security/default.nix
+++ b/security/default.nix
@@ -2,5 +2,6 @@
 {
   imports = [
     ./hardening.nix
+    ./encryption.nix
   ];
 }
diff --git a/security/encryption.nix b/security/encryption.nix
new file mode 100644
index 0000000..47e5543
--- /dev/null
+++ b/security/encryption.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  cfg = config.aviallon.security.encryption;
+in {
+  options.aviallon.security.encryption = {
+    enable = mkEnableOption "encryption-related tools and programs";
+    cryptsetup.package = mkOption {
+      description = "Which cryptsetup package to use";
+      type = types.path;
+      default = pkgs.cryptsetup;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      cfg.cryptsetup.package
+    ];
+  };
+}