diff --git a/custom/modules/secrets-store.nix b/custom/modules/secrets-store.nix
index 80986db..0081573 100644
--- a/custom/modules/secrets-store.nix
+++ b/custom/modules/secrets-store.nix
@@ -25,7 +25,7 @@ let
         };
       mode = mkOption
         { type = types.str;
-          default = "0400";
+          default = "0440";
           description = "File permission (octal format)";
         };
       path = mkOption
@@ -58,7 +58,7 @@ let
   storedSecrets = mapAttrsRecursiveCond (v: !isFile v)
     (names: secret:
       if isFile secret
-        then "/run/secret/${concatStringsSep "-" names}"
+        then "/run/secrets/${concatStringsSep "-" names}"
         else secret) cfg;
 
 in {