diff --git a/config/host-config/limina.nix b/config/host-config/limina.nix
index be242ed..c976437 100644
--- a/config/host-config/limina.nix
+++ b/config/host-config/limina.nix
@@ -61,7 +61,7 @@ in {
 
       secrets.limina = {
         backplane-client-passwd = {
-          source-file = /srv/secrets/backplane-client/limina.passwd;
+          source-file = "/srv/secrets/backplane-client/limina.passwd";
           target-file = "/srv/backplane/dns/client.passwd";
           user = config.fudo.client.dns.user;
         };
diff --git a/config/host-config/procul.nix b/config/host-config/procul.nix
index 62a283e..6ba765d 100644
--- a/config/host-config/procul.nix
+++ b/config/host-config/procul.nix
@@ -73,19 +73,19 @@ in {
 
     secrets.procul = {
       backplane-client-passwd = {
-        source-file = /srv/secrets/backplane-client/procul.passwd;
+        source-file = "/srv/secrets/backplane-client/procul.passwd";
         target-file = "/srv/backplane/dns/client.passwd";
         user = config.fudo.client.dns.user;
       };
 
       postgres-keytab = {
-        source-file = /srv/secrets/kerberos/procul-postgres.keytab;
+        source-file = "/srv/secrets/kerberos/procul-postgres.keytab";
         target-file = "/srv/postgres/secure/postgres.keytab";
         user = "root";
       };
 
       gitea-database-password = {
-        source-file = /srv/secrets/gitea/procul-database.passwd;
+        source-file = "/srv/secrets/gitea/procul-database.passwd";
         target-file = "/srv/gitea/secure/database.passwd";
         user = config.fudo.git.user;
       };
diff --git a/lib/fudo/secrets.nix b/lib/fudo/secrets.nix
index 83c4d2f..5822d14 100644
--- a/lib/fudo/secrets.nix
+++ b/lib/fudo/secrets.nix
@@ -57,7 +57,7 @@ let
   secretOpts = { ... }: {
     options = with types; {
       source-file = mkOption {
-        type = path;
+        type = str;
         description = "File from which to load the secret.";
       };