diff --git a/hosts/Infini-DL360/secrets/default.nix b/hosts/Infini-DL360/secrets/default.nix
index 7310880..cb67a95 100644
--- a/hosts/Infini-DL360/secrets/default.nix
+++ b/hosts/Infini-DL360/secrets/default.nix
@@ -6,6 +6,8 @@ in
   age.secrets = {
     authentik-ldap.rekeyFile = ./authentik-ldap.age;
     authentik.rekeyFile = ./authentik.age;
+    binary-cache-private-key.group = "hydra";
+    binary-cache-private-key.mode = "440";
     freshrss = withOwnerGroup "freshrss" ./freshrss.age;
     hedgedoc = withOwnerGroup "hedgedoc" ./hedgedoc.age;
     hydra = withGroup "hydra" ./hydra.age;
diff --git a/secrets/default.nix b/secrets/default.nix
index 6a5989e..267e2f0 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -21,7 +21,7 @@ in
     age.secrets = {
       borg-ssh-key.rekeyFile = ./borg-ssh-key.age;
       borg-password = withGroup "borg" ./borg-password.age;
-      binary-cache-private-key = withGroup "hydra" ./binary-cache-private-key.age;
+      binary-cache-private-key.rekeyFile = ./binary-cache-private-key.age;
       smtp-noreply = withGroup "smtp" ./smtp-noreply.age;
       dns-cloudflare.rekeyFile = ./dns-cloudflare.age;
     };