diff --git a/modules/nixos/sops/default.nix b/modules/nixos/sops/default.nix
index 1ac9a70..bae5f56 100644
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@@ -77,31 +77,31 @@ in
       # ------------------------------
       "secureboot/GUID" = lib.mkIf isx86 {
         path = "/etc/secureboot/GUID";
-        mode = "0600";
+        mode = "0640";
       };
       "secureboot/keys/db-key" = lib.mkIf isx86 {
         path = "/etc/secureboot/keys/db/db.key";
-        mode = "0600";
+        mode = "0640";
       };
       "secureboot/keys/db-pem" = lib.mkIf isx86 {
         path = "/etc/secureboot/keys/db/db.pem";
-        mode = "0600";
+        mode = "0640";
       };
       "secureboot/keys/KEK-key" = lib.mkIf isx86 {
         path = "/etc/secureboot/keys/KEK/KEK.key";
-        mode = "0600";
+        mode = "0640";
       };
       "secureboot/keys/KEK-pem" = lib.mkIf isx86 {
         path = "/etc/secureboot/keys/KEK/KEK.pem";
-        mode = "0600";
+        mode = "0640";
       };
       "secureboot/keys/PK-key" = lib.mkIf isx86 {
         path = "/etc/secureboot/keys/PK/PK.key";
-        mode = "0600";
+        mode = "0640";
       };
       "secureboot/keys/PK-pem" = lib.mkIf isx86 {
         path = "/etc/secureboot/keys/PK/PK.pem";
-        mode = "0600";
+        mode = "0640";
       };
     };
 
diff --git a/test b/test
new file mode 100644
index 0000000..6184bb6
--- /dev/null
+++ b/test
@@ -0,0 +1 @@
+age1yn82e39pxt0d0pgny34ux4lkge4ff7wxvsye8ragvwngehemt4ps27phyw