diff --git a/agenix/hosts/sail/config.nix b/agenix/hosts/sail/config.nix
index 97bf05c..8edefeb 100644
--- a/agenix/hosts/sail/config.nix
+++ b/agenix/hosts/sail/config.nix
@@ -90,6 +90,7 @@
 
     invidious-database-password = {
       file = ./invidious/databasePassword.age;
+      mode = "444";
     };
 
     invidious-auth = {
diff --git a/system/nixos/invidious.nix b/system/nixos/invidious.nix
index e4c0819..04eace0 100644
--- a/system/nixos/invidious.nix
+++ b/system/nixos/invidious.nix
@@ -14,7 +14,7 @@ in
       createLocally = false;
       host = "10.99.99.3";
       port = 5432;
-      passwordFile = "%d/databasePassword";
+      passwordFile = config.age.secrets.invidious-database-password.path;
     };
 
     settings = {
@@ -40,8 +40,6 @@ in
     nginx.enable = false;
   };
 
-  systemd.services.invidious.serviceConfig.LoadCredential = "databasePassword:${config.age.secrets.invidious-database-password.path}";
-
   services.nginx.virtualHosts."${fqdn}" = {
     http3 = true;