diff --git a/hosts/vault/secrets.nix b/hosts/vault/secrets.nix
index ee144f7..3ad7728 100644
--- a/hosts/vault/secrets.nix
+++ b/hosts/vault/secrets.nix
@@ -12,7 +12,7 @@
 };
 requiredVaultPaths = [
- "/private-public-keys/ssh/root@vault-decrypt"
+ "/private-public-keys/data/ssh/root@vault-decrypt"
 "private-public-keys/data/restic/Vault"
@@ -28,10 +28,9 @@
 # but it makes it easier to install.
 # it's stored in /nix store anyway
 ssh_host_ed25519_key = {
- path = "/initrd_secrets/ssh_host_ed25519_key";
+ path = "/ssh_host_ed25519_key";
 permissions = "600";
 fetchScript = ''
- [ ! -d "$SYSROOT/initrd_secrets" ] && mkdir -p "$SYSROOT/initrd_secrets"
 simple_get "/private-public-keys/ssh/root@vault-decrypt" .private | base64 > "$secretFile"
 '';
 };
diff --git a/presets/nixos/serverEncryptedDrive.nix b/presets/nixos/serverEncryptedDrive.nix
index a65b972..80215a9 100644
--- a/presets/nixos/serverEncryptedDrive.nix
+++ b/presets/nixos/serverEncryptedDrive.nix
@@ -40,7 +40,7 @@ in {
 secrets = {
 # This will need to be generated before install or installed with secrets-init
 # To keep it same across reinstalls add the ssh key and pubkey to secrets module
- "/ssh_host_ed25519_key" = mkForce "/initrd_secrets/ssh_host_ed25519_key";
+ "/ssh_host_ed25519_key" = "/ssh_host_ed25519_key";
 };
 luks = {
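Review bot: The corrected `requiredVaultPaths` entry now names `/private-public-keys/data/ssh/root@vault-decrypt`, but the `fetchScript` in the second hunk of this file still calls `simple_get "/private-public-keys/ssh/root@vault-decrypt"` without the `data/` segment, so the path that is declared and the path that is read differ on the page. If `simple_get` inserts that segment itself this is harmless, but nothing visible here says so, and a one-line comment beside the entry stating which form each consumer expects would stop the next edit from "fixing" one of them. The new entry also keeps its leading `/` while the sibling `"private-public-keys/data/restic/Vault"` has none. Writing it as `"private-public-keys/data/ssh/root@vault-decrypt"` keeps the list in one form, in case whatever consumes it compares the strings literally. The list continues outside the hunk.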
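Review bot: With `path = "/ssh_host_ed25519_key"` and the `mkdir -p "$SYSROOT/initrd_secrets"` line gone, the private key is written directly into the root of the target filesystem, so the file's own mode is the only thing protecting it. `permissions = "600"` is declared, but the hunk does not show whether `$secretFile` already has that mode when `base64 > "$secretFile"` creates it, or whether the mode is applied only afterwards. If it is applied afterwards, adding `umask 077` as the first line of `fetchScript` closes the interval in which the key is readable under the default umask. The comment above the attribute ("it's stored in /nix store anyway") may also no longer describe where the key ends up after this change and is worth re-checking.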
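Review bot: The comment above the `"/ssh_host_ed25519_key"` entry explains how to provision the key but not what the key must never be. Judging by the file name and the `/initrd_secrets` source it replaces, this looks like an initrd secrets map, in which case the file is copied into the initrd and sits outside the encrypted volume at rest. I would add `# Dedicated unlock-stage key only: it is embedded in the initrd, so never reuse the running system's SSH host key here`. Dropping `mkForce` also means this preset no longer overrides a host-level definition of the same attribute. That is probably intended now that both sides use the same path, but it deserves a sentence in the commit message. The block enclosing `secrets` starts outside the hunk.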