diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index cf8f7eb990b4d83760a78352115de4128b7eba52..7b056146c300952f014da6fc57e71ee022ac58a5 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -4,7 +4,10 @@
 import ../../lib/make-grid.nix {
   name = "Production";
   config = ./config.json;
-  nodes = cfg: {
+  nodes = cfg:
+    let
+      sshUsers = import ../../../../PrivateStorageSecrets/production-users.nix;
+    in {
     # Here are the hosts that are in this morph network.  This is sort of like
     # a server manifest.  We try to keep as many of the specific details as
     # possible out of *this* file so that this file only grows as server count
@@ -18,33 +21,38 @@ import ../../lib/make-grid.nix {
     #
     # The names must be unique!
     "payments.privatestorage.io" = import ../../lib/issuer.nix ({
-      sshUsers = import ../../../../PrivateStorageSecrets/production-users.nix;
+      inherit sshUsers;
       hardware = ../../lib/issuer-aws.nix;
       stateVersion = "19.03";
     } // cfg);
 
     "storage001" = import ../../lib/make-storage.nix ({
         cfg = import ./storage001-config.nix;
+        inherit sshUsers;
         hardware = ./storage001-hardware.nix;
         stateVersion = "19.09";
     } // cfg);
     "storage002" = import ../../lib/make-storage.nix ({
         cfg = import ./storage002-config.nix;
+        inherit sshUsers;
         hardware = ./storage002-hardware.nix;
         stateVersion = "19.09";
     } // cfg);
     "storage003" = import ../../lib/make-storage.nix ({
         cfg = import ./storage003-config.nix;
+        inherit sshUsers;
         hardware = ./storage003-hardware.nix;
         stateVersion = "19.09";
     } // cfg);
     "storage004" = import ../../lib/make-storage.nix ({
         cfg = import ./storage004-config.nix;
+        inherit sshUsers;
         hardware = ./storage004-hardware.nix;
         stateVersion = "19.09";
     } // cfg);
     "storage005" = import ../../lib/make-storage.nix ({
         cfg = import ./storage005-config.nix;
+        inherit sshUsers;
         hardware = ./storage005-hardware.nix;
         stateVersion = "19.03";
     } // cfg);
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index b6161f5a113dc948c9535e4a1ede40121ae5a06d..3a1c5f3921c196843b0a4cd1b18f20388a75edde 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -4,15 +4,19 @@
 import ../../lib/make-grid.nix {
   name = "Testing";
   config = ./config.json;
-  nodes = cfg: {
+  nodes = cfg:
+  let
+    sshUsers = import ../../../../PrivateStorageSecrets/staging-users.nix;
+  in {
     "payments.privatestorage-staging.com" = import ../../lib/issuer.nix ({
-      sshUsers = import ../../../../PrivateStorageSecrets/staging-users.nix;
+      inherit sshUsers;
       hardware = ../../lib/issuer-aws.nix;
       stateVersion = "19.03";
     } // cfg);
 
     "3.120.26.190" = import ../../lib/make-testing.nix (cfg // {
       publicIPv4 = "3.120.26.190";
+      inherit sshUsers;
       hardware = ./testing001-hardware.nix;
       stateVersion = "19.03";
     });
diff --git a/morph/lib/make-storage.nix b/morph/lib/make-storage.nix
index da206572566b1b997d4160ba46a98aa4fd547430..0c556befc096f0fb8fa4476e6bad234e3e9231a2 100644
--- a/morph/lib/make-storage.nix
+++ b/morph/lib/make-storage.nix
@@ -3,6 +3,7 @@
 , hardware                   # The path to the hardware configuration for this node.
 , publicStoragePort          # The storage port number on which to accept connections.
 , ristrettoSigningKeyPath    # The *local* path to the Ristretto signing key file.
+, sshUsers                   # Users for which to configure SSH access to this node.
 , stateVersion               # The value for system.stateVersion on this node.
                              # This value determines the NixOS release with
                              # which your system is to be compatible, in order
@@ -56,6 +57,8 @@
     inherit publicStoragePort;
     # Give it the Ristretto signing key, too, to support authorization.
     ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
+    # It gets the users, too.
+    inherit sshUsers;
   };
 
   system.stateVersion = stateVersion;
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index 24de7ea40ad778d0ca2418be063a4a1528965839..df8eb006b3234d5e127a334a401c9079d5adc2fb 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -1,4 +1,4 @@
-{ publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, stateVersion, ... }: rec {
+{ publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, sshUsers, stateVersion, ... }: rec {
 
   deployment = {
     secrets = {
@@ -26,6 +26,7 @@
     inherit publicIPv4;
     inherit publicStoragePort;
     ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
+    inherit sshUsers;
   };
 
   system.stateVersion = stateVersion;