diff --git a/age/keysource.go b/age/keysource.go
index 725a2fb2a..254cbfb6f 100644
--- a/age/keysource.go
+++ b/age/keysource.go
@@ -11,8 +11,16 @@ import (
 	"strings"
 	"filippo.io/age"
+	"github.com/sirupsen/logrus"
+	"go.mozilla.org/sops/v3/logging"
 )
+var log *logrus.Logger
+
+func init() {
+	log = logging.NewLogger("AGE")
+}
+
 const privateKeySizeLimit = 1 << 24 // 16 MiB
 // MasterKey is an age key used to encrypt and decrypt sops' data key.
@@ -33,6 +41,7 @@ func (key *MasterKey) Encrypt(datakey []byte) error {
 	parsedRecipient, err := parseRecipient(key.Recipient)
 	if err != nil {
+		log.WithField("recipient", key.parsedRecipient).Error("Encryption failed")
 		return err
 	}
@@ -40,20 +49,23 @@ func (key *MasterKey) Encrypt(datakey []byte) error {
 	}
 	w, err := age.Encrypt(buffer, key.parsedRecipient)
-
 	if err != nil {
 		return fmt.Errorf("failed to open file for encrypting sops data key with age: %v", err)
 	}
 	if _, err := w.Write(datakey); err != nil {
+		log.WithField("recipient", key.parsedRecipient).Error("Encryption failed")
 		return fmt.Errorf("failed to encrypt sops data key with age: %v", err)
 	}
 	if err := w.Close(); err != nil {
+		log.WithField("recipient", key.parsedRecipient).Error("Encryption failed")
 		return fmt.Errorf("failed to close file for encrypting sops data key with age: %v", err)
 	}
-
+
 	key.EncryptedKey = buffer.String()
+
+	log.WithField("recipient", key.parsedRecipient).Info("Encryption succeeded")
 	return nil
 }
diff --git a/config/config.go b/config/config.go
index 67a06cdda..dc62eee05 100644
--- a/config/config.go
+++ b/config/config.go
@@ -13,6 +13,7 @@ import (
 	"github.com/mozilla-services/yaml"
 	"github.com/sirupsen/logrus"
 	"go.mozilla.org/sops/v3"
+	"go.mozilla.org/sops/v3/age"
 	"go.mozilla.org/sops/v3/azkv"
 	"go.mozilla.org/sops/v3/gcpkms"
 	"go.mozilla.org/sops/v3/hcvault"
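Review bot: The new package-level `var log *logrus.Logger` is only ever assigned once, in `init()`, and nothing in the hunk depends on initialization order, so a plain `var log = logging.NewLogger("AGE")` expresses the same thing without a side-effecting `init` and without a window where `log` is nil. Naming the variable `log` also shadows the standard `log` package for every file of the `age` package; if any other file in the package imports `"log"` this will no longer compile, so a name such as `logger` is safer unless the rest of the repository already follows this convention (not visible here).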
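Review bot: The log line added in the `parseRecipient` error branch reports `key.parsedRecipient`, but at that point only the local `parsedRecipient` has been computed and parsing has just failed, so the field carries whatever the struct held before (presumably its zero value) rather than the input that could not be parsed; log the input string instead, `log.WithField("recipient", key.Recipient).Error("Encryption failed")`. The same log-then-return shape recurs in the Write and Close branches of the next hunk, where the failure is both logged here and returned to the caller, so it is likely to be reported twice. Encrypt's body continues outside this hunk.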
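Review bot: After this hunk the `age.Encrypt` failure branch, directly below the removed blank line, is the only error return in Encrypt without an `Error` log entry, while the Write and Close branches each got one; either log it the same way or drop the others so the error-reporting path is uniform. It is also worth confirming that an `Info("Encryption succeeded")` entry on every data-key encryption is the intended default log volume, since the logger is package-level and cannot be tuned per key. Encrypt's body starts before this hunk.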
@@ -71,6 +72,7 @@ type keyGroup struct {
 	GCPKMS []gcpKmsKey `yaml:"gcp_kms"`
 	AzureKV []azureKVKey `yaml:"azure_keyvault"`
 	Vault []string `yaml:"hc_vault"`
+	Age []string `yaml:"age"`
 	PGP []string
 }
@@ -109,6 +111,7 @@ type creationRule struct {
 	PathRegex string `yaml:"path_regex"`
 	KMS string
 	AwsProfile string `yaml:"aws_profile"`
+	Age string `yaml:"age"`
 	PGP string
 	GCPKMS string `yaml:"gcp_kms"`
 	AzureKeyVault string `yaml:"azure_keyvault"`
@@ -147,6 +150,13 @@ func getKeyGroupsFromCreationRule(cRule *creationRule, kmsEncryptionContext map[
 	if len(cRule.KeyGroups) > 0 {
 		for _, group := range cRule.KeyGroups {
 			var keyGroup sops.KeyGroup
+			for _, k := range group.Age {
+				key, err := age.MasterKeyFromRecipient(k)
+				if err != nil {
+					return nil, err
+				}
+				keyGroup = append(keyGroup, key)
+			}
 			for _, k := range group.PGP {
 				keyGroup = append(keyGroup, pgp.NewMasterKeyFromFingerprint(k))
 			}
@@ -170,6 +180,14 @@ func getKeyGroupsFromCreationRule(cRule *creationRule, kmsEncryptionContext map[
 		}
 	} else {
 		var keyGroup sops.KeyGroup
+		ageKeys, err := age.MasterKeysFromRecipients(cRule.Age)
+		if err != nil {
+			return nil, err
+		} else {
+			for _, ak := range ageKeys {
+				keyGroup = append(keyGroup, ak)
+			}
+		}
 		for _, k := range pgp.MasterKeysFromFingerprintString(cRule.PGP) {
 			keyGroup = append(keyGroup, k)
 		}
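Review bot: The error from `age.MasterKeyFromRecipient(k)` inside the key-group loop is returned bare, so a user with several key groups and recipients gets no indication of which `age` entry in the config is malformed; wrapping it, e.g. `return nil, fmt.Errorf("parsing age recipient %q in key group: %w", k, err)`, would locate the failure (this assumes `fmt` is imported in config.go, which the visible import hunk does not show). The same bare `return nil, err` appears in the `MasterKeysFromRecipients` branch of the next hunk. getKeyGroupsFromCreationRule starts before and ends after this hunk.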
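Review bot: The `else` after `return nil, err` is redundant; dropping the `} else {` and its closing `}` and de-indenting the `for _, ak := range ageKeys` loop keeps the happy path left-aligned, matching the PGP loop right below it. It is also worth confirming that `age.MasterKeysFromRecipients("")` returns no keys and no error, because every creation rule that does not set `age` now reaches this call with an empty string and would otherwise fail to load; the new struct field has no doc comment stating the expected format of the string, so a one-line comment on `Age string` in creationRule would help here. getKeyGroupsFromCreationRule continues outside this hunk.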