diff --git a/evolution/proposals/ECP-0061-agenix-secrets.md b/evolution/proposals/ECP-0061-agenix-secrets.md new file mode 100644 index 0000000..78bdf0e --- /dev/null +++ b/evolution/proposals/ECP-0061-agenix-secrets.md @@ -0,0 +1,40 @@ +# ECP-0061: agenix Secrets (Local Dev Convenience) + +Status: Draft + +## Goal + +Provide a simple, repo-native way to manage a small set of long-lived tokens for local development without committing plaintext secrets: + +- Cloudflare API token (local `wrangler deploy`) +- Codeberg token (optional; for `tea` CLI) + +## Non-Goals + +- CI secrets management (CI should use Forgejo Actions secrets). +- A general secret distribution scheme for the network protocol. + +## Proposal + +1. Add `secrets/` using `agenix`: + - `secrets/secrets.nix` maps secret filenames to recipients. + - Encrypted files (optional, not required to exist): + - `secrets/cloudflare-api-token.age` + - `secrets/codeberg-token.age` +2. Add tools to the nix dev shell: + - `agenix` + - `tea` (Forgejo/Gitea-compatible CLI) +3. Update scripts to use these secrets opportunistically: + - `scripts/deploy-workers.sh` loads `CLOUDFLARE_API_TOKEN` via `agenix -d` when present. + - `scripts/tea-login-codeberg.sh` configures `tea` using `CODEBERG_TOKEN` (env) or `agenix`. + +## Rationale + +`agenix` keeps sensitive tokens out of git while still being easy to use on a single machine. +CI remains clean and auditable by using the platform's secret store. + +## Rollout / Reversibility + +- Additive. If a developer doesn't use `agenix`, nothing breaks. +- Easy to remove later if a different secret system is adopted. +
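Review bot: The Proposal section (step 3) leaves the decryption path underspecified in a way that matters for the only secrets this ECP covers: `scripts/deploy-workers.sh` is said to load `CLOUDFLARE_API_TOKEN` "via `agenix -d` when present", but `agenix -d` writes the plaintext to stdout, so the proposal should state that the script captures it directly into the environment variable and never writes it to a file or traces it (a `set -x` in that script would print the token). The same step gives `scripts/tea-login-codeberg.sh` an explicit precedence (`CODEBERG_TOKEN` env first, then `agenix`) but gives none for the Cloudflare token; spell out the same order for both scripts, and define what happens when the `.age` file is absent, since the hunk says the encrypted files are "optional, not required to exist" and "Rollout / Reversibility" promises "nothing breaks". Finally, `secrets/secrets.nix` "maps secret filenames to recipients" but nothing in the file says how recipients are added or removed; add one sentence on rekeying the `.age` files when a recipient key is rotated or withdrawn, otherwise the claim that the scheme "keeps sensitive tokens out of git" covers only the plaintext, not a stale recipient set.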