diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix
index f2a9059..4b934c1 100644
--- a/nix/modules/secrets.nix
+++ b/nix/modules/secrets.nix
@@ -48,11 +48,31 @@
 path = "/var/lib/ci-certs/live/privkey.pem";
 mode = "0400"; # private key — root only
 };
+
+ # Phase-2 rate-limit fix (Class A1 registry creds, operator-2026-05-28). Authenticated Docker
+ # Hub pulls (200/6h per-account) replace the exhausted 100/6h shared-IP anonymous limit that
+ # was blocking heavy recipe deploys with `toomanyrequests`. Value is base64("nptest2:")
+ # — i.e. the exact `auth` field docker config.json expects — so the template below is a pure
+ # render with no runtime base64. Read-only PAT; both the host exec runner and manual root
+ # deploys run as root (drone-runner-exec User=root), so /root/.docker/config.json covers both.
+ dockerhub_auth = { };
 };
 # EnvironmentFile for the host exec runner: DRONE_RPC_SECRET rendered from the sops secret.
 templates."drone-runner.env".content = ''
 DRONE_RPC_SECRET=${config.sops.placeholder.drone_rpc_secret}
 '';
+
+ # Declarative root docker auth — survives a 1c rebuild (replaces the imperative `docker login`).
+ # abra runs `docker stack deploy` as root and reads this config.json to authenticate Docker Hub
+ # pulls (manifest resolution + image pulls). 0600/root-only since it embeds the PAT.
+ templates."docker-config.json" = {
+ path = "/root/.docker/config.json";
+ mode = "0600";
+ owner = "root";
+ content = ''
+ {"auths":{"https://index.docker.io/v1/":{"auth":"${config.sops.placeholder.dockerhub_auth}"}}}
+ '';
+ };
 };
 }
diff --git a/secrets b/secrets
index 2312f1c..cdd5e0a 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit 2312f1cc67a9569c2254181ba7d3cc0cd91c9244
+Subproject commit cdd5e0ad258ab8ffe70b754f11fceb2fe63ee53e
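Review bot: The comment above `dockerhub_auth` says the value is `base64("nptest2:")`, which as written is the encoding of the bare username with an empty password; presumably it means `base64("nptest2:<PAT>")` (the user:token pair the docker `auth` field expects) and should say so, otherwise the next operator rotating the secret will encode the wrong string. The `docker-config.json` template splices the placeholder into a JSON string literal without escaping, which is only safe while the secret stays in the base64 alphabet; that assumption belongs next to the template, e.g. `# secret must be plain base64 (A-Za-z0-9+/=): it is spliced into JSON unescaped`. Also, the client-side config.json covers manifest resolution, but unless abra's `docker stack deploy` forwards the credentials to the daemon (`--with-registry-auth`) the per-node image pull may still run anonymously, so it is worth confirming the `toomanyrequests` failure disappears on the pull step itself and not just on deploy.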