diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json
index b0bd66f3932ed95d06ac5eebce5a371db0b25ea1..0f44cd7028ab8bb9043fd03c8e0bd91947a972e2 100644
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -1,7 +1,7 @@
 { "publicStoragePort": 8898
 , "ristrettoSigningKeyPath": "../../PrivateStorageSecrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "../../PrivateStorageSecrets/privatestorageio-testing-stripe.secret"
-, "monitoringvpnSecretKeyPath": "../../PrivateStorageSecrets/monitoringvpn/server.key"
+, "monitoringvpnSecretKeyDir": "../../PrivateStorageSecrets/monitoringvpn/"
 , "monitoringvpnPresharedKeyPath" : "../../PrivateStorageSecrets/monitoringvpn/preshared.key"
 , "passValue": 1000000
 , "issuerDomain": "payments.localdev"
diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 82b194840db0d2387b10d435dfbc0e1dd8066b26..f6899fe8d7e640a9cb213cef8f557ee3858cccb5 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -1,7 +1,7 @@
 { hardware
 , ristrettoSigningKeyPath
 , stripeSecretKeyPath
-, monitoringvpnSecretKeyPath
+, monitoringvpnSecretKeyDir
 , monitoringvpnPresharedKeyPath
 , issuerDomain
 , letsEncryptAdminEmail
@@ -33,7 +33,7 @@
         action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
       };
       "monitoringvpn-secret-key" = {
-        source = monitoringvpnSecretKeyPath;
+        source = monitoringvpnSecretKeyDir + "/${monitoringvpnIPv4}.key";
         destination = "/run/keys/monitoringvpn/client.key";
         owner.user = "root";
         owner.group = "root";
diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index 19e1dcbeded9fcaab7dc64752761d2cbfe9f504e..9a0f297b3deb5aa9fe02e45aa78adfc66d3665d2 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -2,7 +2,7 @@
 , hardware
 , publicStoragePort
 , ristrettoSigningKeyPath
-, monitoringvpnSecretKeyPath
+, monitoringvpnSecretKeyDir
 , monitoringvpnPresharedKeyPath
 , passValue
 , sshUsers
@@ -16,7 +16,7 @@
 
     secrets = {
       "monitoringvpn-private-key" = {
-        source = monitoringvpnSecretKeyPath;
+        source = monitoringvpnSecretKeyDir + "/server.key";
         destination = "/run/keys/monitoringvpn/server.key";
         owner.user = "root";
         owner.group = "root";
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index 7cd3c80aa0e237d003f07e9f95ee5eac211a5ca5..35c70f8f789633489b431e57a23b4259102df5da 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -2,7 +2,7 @@
 , hardware
 , publicStoragePort
 , ristrettoSigningKeyPath
-, monitoringvpnSecretKeyPath
+, monitoringvpnSecretKeyDir
 , monitoringvpnPresharedKeyPath
 , passValue
 , sshUsers
@@ -26,7 +26,7 @@
         action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
       };
       "monitoringvpn-secret-key" = {
-        source = monitoringvpnSecretKeyPath;
+        source = monitoringvpnSecretKeyDir + "/${monitoringvpnIPv4}.key";
         destination = "/run/keys/monitoringvpn/client.key";
         owner.user = "root";
         owner.group = "root";