diff --git a/morph/issuer.nix b/morph/issuer.nix
index 57ffd009d58064830a30d30af926263962dcc5d7..fe448699c7ad87a74a63e823f428d9d46462f3de 100644
--- a/morph/issuer.nix
+++ b/morph/issuer.nix
@@ -26,8 +26,7 @@
 
   services.private-storage-issuer = {
     enable = true;
-    # XXX This should be passed as a path.
-    ristrettoSigningKey = builtins.readFile (./.. + ristrettoSigningKeyPath);
+    ristrettoSigningKeyPath = ./.. + ristrettoSigningKeyPath;
     stripeSecretKeyPath = ./.. + stripeSecretKeyPath;
     database = "SQLite3";
     databasePath = "/var/db/vouchers.sqlite3";
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index b22cb07f749d85daed41bd4dcd59652bf266a37c..dbe751320e45fea3af885638ef438d9f6bf05dad 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -41,12 +41,12 @@ in {
         algorithm or Ristretto for Ristretto-flavored PrivacyPass.
       '';
     };
-    services.private-storage-issuer.ristrettoSigningKey = lib.mkOption {
+    services.private-storage-issuer.ristrettoSigningKeyPath = lib.mkOption {
       default = null;
-      type = lib.types.str;
+      type = lib.types.path;
       description = ''
-        The Ristretto signing key to use.  Required if the issuer is
-        ``Ristretto``.
+        The path to a file containing the Ristretto signing key to use.
+        Required if the issuer is ``Ristretto``.
       '';
     };
     services.private-storage-issuer.stripeSecretKeyPath = lib.mkOption {
@@ -116,7 +116,7 @@ in {
           issuerArgs =
             if cfg.issuer == "Trivial"
               then "--issuer Trivial"
-              else "--issuer Ristretto --signing-key ${cfg.ristrettoSigningKey}";
+              else "--issuer Ristretto --signing-key-path ${cfg.ristrettoSigningKeyPath}";
           databaseArgs =
             if cfg.database == "Memory"
               then "--database Memory"