diff --git a/secrets/README.md b/secrets/README.md
index 253870ba..909cde75 100644
--- a/secrets/README.md
+++ b/secrets/README.md
@@ -176,6 +176,25 @@ the `age.secrets.<name>.path` argument, which defaults to `/etc/secrets`.
    1. Clone this repo and run `nixos-rebuild switch` to deploy it, all the secrets will be decrypted
       automatically via the host private key.
 
+## Troubleshooting
+
+### 1. Nix-Darwin Module
+
+Check logs:
+
+```bash
+tail -n 100 /Library/Logs/org.nixos.activate-agenix.stderr.log
+tail -n 100 /Library/Logs/org.nixos.activate-agenix.stdout.log
+```
+
+### 2. NixOS Module
+
+Check logs:
+
+```
+journalctl | grep -5 agenix
+```
+
 ## Other Replacements
 
 - [ragenix](https://github.com/yaxitech/ragenix): A Rust reimplementation of agenix.
diff --git a/secrets/darwin.nix b/secrets/darwin.nix
index f39275c2..ea67df81 100644
--- a/secrets/darwin.nix
+++ b/secrets/darwin.nix
@@ -10,6 +10,12 @@
     agenix.darwinModules.default
   ];
 
+  # enable logs for debugging
+  launchd.daemons."activate-agenix".serviceConfig = {
+    StandardErrorPath = "/Library/Logs/org.nixos.activate-agenix.stderr.log";
+    StandardOutPath = "/Library/Logs/org.nixos.activate-agenix.stdout.log";
+  };
+
   environment.systemPackages = [
     agenix.packages."${pkgs.system}".default
   ];