diff --git a/custom/modules/secrets-store.nix b/custom/modules/secrets-store.nix
index 9a27f11..14f3e99 100644
--- a/custom/modules/secrets-store.nix
+++ b/custom/modules/secrets-store.nix
@@ -126,13 +126,15 @@ in {
   # `user` activation script hasn't run yet.
   config.system.activationScripts.secrets-own = {
     deps = [ "secrets-copy" "users" ];
-    text = concatMapStrings (pair:
+    text =
+    ''
+    echo setting secrets ownership...
+    '' + concatMapStrings (pair:
     let
       name = "${concatStringsSep "-" pair.path}";
       secret = pair.value;
     in
       ''
-        echo setting secrets store ownership...
         # Set ownership of ${name}
         chown ${secret.user}:${secret.group} /run/secrets/${name}
       '') secretFiles;