diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 9f37d640fd7cfacc67eed7074f03292849d8597f..e8a6333c19a742917b930164c26f43ac791c0d6d 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -15,7 +15,7 @@
     secrets = {
       "ristretto-signing-key" = {
         source = ristrettoSigningKeyPath;
-        destination = "/var/secrets/ristretto.signing-key";
+        destination = "/run/keys/ristretto.signing-key";
         owner.user = "root";
         owner.group = "root";
         permissions = "0400";
@@ -23,7 +23,7 @@
       };
       "stripe-secret-key" = {
         source = stripeSecretKeyPath;
-        destination = "/var/secrets/stripe.secret-key";
+        destination = "/run/keys/stripe.secret-key";
         owner.user = "root";
         owner.group = "root";
         permissions = "0400";
diff --git a/morph/lib/make-storage.nix b/morph/lib/make-storage.nix
index c286106a18caca4a575305f0fa897aedaac60c55..af0867c8b8342e31393f19a76a7cbfc4c95f86c9 100644
--- a/morph/lib/make-storage.nix
+++ b/morph/lib/make-storage.nix
@@ -19,7 +19,7 @@
     secrets = {
       "ristretto-signing-key" = {
         source = ristrettoSigningKeyPath;
-        destination = "/var/secrets/ristretto.signing-key";
+        destination = "/run/keys/ristretto.signing-key";
         owner.user = "root";
         owner.group = "root";
         permissions = "0400";
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index ee1e2db49ba337578312866f737e216f961dc152..1c0e1305ce6b2b83851df03d6d5b019e01604b95 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -6,7 +6,7 @@
     secrets = {
       "ristretto-signing-key" = {
         source = ristrettoSigningKeyPath;
-        destination = "/var/secrets/ristretto.signing-key";
+        destination = "/run/keys/ristretto.signing-key";
         owner.user = "root";
         owner.group = "root";
         permissions = "0400";