diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 5e58f0646a113b37f1874e46db10a377189984d5..e241b917367bb04a8c10830b6d946410994de547 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -32,7 +32,7 @@
 };
 "monitoringvpn-secret-key" = {
 source = "../../PrivateStorageSecrets/monitoringvpn/${monitoringvpnIPv4}.key";
- destination = "/var/secrets/monitoringvpn/client.key";
+ destination = "/run/keys/monitoringvpn/client.key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
@@ -40,7 +40,7 @@
 };
 "monitoringvpn-preshared-key" = {
 source = "../../PrivateStorageSecrets/monitoringvpn/preshared.key";
- destination = "/var/secrets/monitoringvpn/preshared.key";
+ destination = "/run/keys/monitoringvpn/preshared.key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index ca8dfc913c0b4f05999374cf66a537cb7d1e1763..2a2cde3d19326c8e90c6f3896c827bca0be76a74 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -6,7 +6,7 @@
 secrets = {
 "monitoringvpn-private-key" = {
 source = "../../PrivateStorageSecrets/monitoringvpn/server.key";
- destination = "/var/secrets/monitoringvpn/server.key";
+ destination = "/run/keys/monitoringvpn/server.key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
@@ -14,7 +14,7 @@
 };
 "monitoringvpn-public-key" = {
 source = "../../PrivateStorageSecrets/monitoringvpn/server.pub";
- destination = "/var/secrets/monitoringvpn/server.pub";
+ destination = "/run/keys/monitoringvpn/server.pub";
 owner.user = "root";
 owner.group = "root";
 permissions = "0444";
@@ -22,7 +22,7 @@
 };
 "monitoringvpn-preshared-key" = {
 source = "../../PrivateStorageSecrets/monitoringvpn/preshared.key";
- destination = "/var/secrets/monitoringvpn/preshared.key";
+ destination = "/run/keys/monitoringvpn/preshared.key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
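Review bot: Changing the `destination` of the private and preshared keys to `/run/keys/monitoringvpn/` only affects where future deploys place them; the copies already written to `/var/secrets/monitoringvpn/` on existing hosts are not removed by anything in this change, so the old private key material stays on persistent disk until it is deleted by hand or the keys are rotated. A one-time cleanup of that directory as part of the rollout would close that gap; the same applies to the second hunk of this file and to every hunk in `make-monitoring.nix` and `make-testing.nix`. On NixOS `/run/keys` is normally a RAM-backed filesystem, so these files will not survive a reboot and the VPN units will fail to find their keys until morph redeploys the secrets; it is also worth confirming that morph creates the `monitoringvpn/` subdirectory, since every new destination is one level below `/run/keys`.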
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index 81b88eccc2f11397f259d41fca51b3eee2575f92..c96a51c2aed555797366dc0a39040bce04d80b25 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -17,7 +17,7 @@
 };
 "monitoringvpn-secret-key" = {
 source = "../../PrivateStorageSecrets/monitoringvpn/${monitoringvpnIPv4}.key";
- destination = "/var/secrets/monitoringvpn/client.key";
+ destination = "/run/keys/monitoringvpn/client.key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
@@ -25,7 +25,7 @@
 };
 "monitoringvpn-preshared-key" = {
 source = "../../PrivateStorageSecrets/monitoringvpn/preshared.key";
- destination = "/var/secrets/monitoringvpn/preshared.key";
+ destination = "/run/keys/monitoringvpn/preshared.key";
 owner.user = "root";
 owner.group = "root";
 permissions = "0400";
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 9c204743ae731558043118e798a0b6737e5d77c5..1756221e0f2a1a9afa759132b2a150e8a03df70e 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -8,15 +8,15 @@ in {
 enable = lib.mkEnableOption "PrivateStorageio Monitoring VPN client service";
 privateKeyFile = lib.mkOption {
 type = lib.types.path;
- example = lib.literalExample /var/secrets/monitoringvpn/host.key;
- default = /var/secrets/monitoringvpn/client.key;
+ example = lib.literalExample /run/keys/monitoringvpn/host.key;
+ default = /run/keys/monitoringvpn/client.key;
 description = ''
 File with base64 private key generated by <command>wg genkey</command>.
 '';
 };
 publicKeyFile = lib.mkOption {
 type = lib.types.path;
- example = lib.literalExample /var/secrets/monitoringvpn/host.pub;
+ example = lib.literalExample /run/keys/monitoringvpn/host.pub;
 description = ''
 File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
 Cannot have white space or new lines.
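Review bot: The new `default = /run/keys/monitoringvpn/client.key;` in the `privateKeyFile` option is a Nix path literal rather than a string, so if the module body interpolates `cfg.privateKeyFile` into a string (for example into a generated WireGuard configuration) Nix copies the key file into the world-readable store at evaluation time, or fails outright when the file does not exist on the machine doing the evaluation. Writing the default as a string, `default = "/run/keys/monitoringvpn/client.key";`, still satisfies `lib.types.path` and guarantees the private key is only ever referenced by name on the target host. The same applies to the `presharedKeyFile` default in the next hunk of this file and to the three defaults changed in `server.nix`; the previous `/var/secrets` defaults had the same shape, and the module body that consumes these options lies outside the hunk.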
@@ -28,8 +28,8 @@ in {
 };
 presharedKeyFile = lib.mkOption {
 type = lib.types.path;
- example = lib.literalExample /var/secrets/monitoringvpn/preshared.key;
- default = /var/secrets/monitoringvpn/preshared.key;
+ example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
+ default = /run/keys/monitoringvpn/preshared.key;
 description = ''
 File with base64 preshared key generated by <command>wg genpsk</command>.
 '';
@@ -59,7 +59,7 @@ in {
 };
 endpointPublicKeyFile = lib.mkOption {
 type = lib.types.path;
- example = lib.literalExample /var/secrets/monitoringvpn/server.pub;
+ example = lib.literalExample /run/keys/monitoringvpn/server.pub;
 default = ../../../../morph/PrivateStorageSecrets/monitoringvpn/server.pub;
 description = ''
 File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
diff --git a/nixos/modules/monitoring/vpn/server.nix b/nixos/modules/monitoring/vpn/server.nix
index 0ff1189b248dfd018ff9735cac4d1c13435d29a8..8a1f560e0d537fbc5613b2d05ec72209811d8ae0 100644
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -8,24 +8,24 @@ in {
 enable = lib.mkEnableOption "PrivateStorageio Monitoring VPN server service";
 privateKeyFile = lib.mkOption {
 type = lib.types.path;
- example = lib.literalExample /var/secrets/monitoringvpn/server.key;
- default = /var/secrets/monitoringvpn/server.key;
+ example = lib.literalExample /run/keys/monitoringvpn/server.key;
+ default = /run/keys/monitoringvpn/server.key;
 description = ''
 File with base64 private key generated by <command>wg genkey</command>.
 '';
 };
 publicKeyFile = lib.mkOption {
 type = lib.types.path;
- example = lib.literalExample /var/secrets/monitoringvpn/server.pub;
- default = /var/secrets/monitoringvpn/server.pub;
+ example = lib.literalExample /run/keys/monitoringvpn/server.pub;
+ default = /run/keys/monitoringvpn/server.pub;
 description = ''
 File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
 '';
 };
 presharedKeyFile = lib.mkOption {
 type = lib.types.path;
- example = lib.literalExample /var/secrets/monitoringvpn/preshared.key;
- default = /var/secrets/monitoringvpn/preshared.key;
+ example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
+ default = /run/keys/monitoringvpn/preshared.key;
 description = ''
 File with base64 preshared key generated by <command>wg genpsk</command>.
 '';