diff --git a/nginx-create-session-ticket-keys b/nginx-create-session-ticket-keys
index aee3b38..879d333 100755
--- a/nginx-create-session-ticket-keys
+++ b/nginx-create-session-ticket-keys
@@ -2,8 +2,6 @@
 
 set -o errexit -o nounset -o pipefail
 
-umask 077
-
 cd /etc/nginx/session-ticket-keys
 
 for i in {1..4}; do
diff --git a/nginx-rotate-session-ticket-keys b/nginx-rotate-session-ticket-keys
index 4798316..8c27379 100755
--- a/nginx-rotate-session-ticket-keys
+++ b/nginx-rotate-session-ticket-keys
@@ -2,8 +2,6 @@
 
 set -o errexit -o nounset -o pipefail
 
-umask 077
-
 cd /etc/nginx/session-ticket-keys
 
 rsync -I 2.key 1.key
diff --git a/systemd/system/nginx-create-session-ticket-keys.service b/systemd/system/nginx-create-session-ticket-keys.service
index 87f1dd4..2dfb16a 100644
--- a/systemd/system/nginx-create-session-ticket-keys.service
+++ b/systemd/system/nginx-create-session-ticket-keys.service
@@ -7,6 +7,7 @@ Type=oneshot
 User=root
 Group=root
 ExecStart=/usr/local/bin/nginx-create-session-ticket-keys
+UMask=0077
 
 [Install]
 WantedBy=multi-user.target
diff --git a/systemd/system/nginx-rotate-session-ticket-keys.service b/systemd/system/nginx-rotate-session-ticket-keys.service
index 65b89b8..19064c8 100644
--- a/systemd/system/nginx-rotate-session-ticket-keys.service
+++ b/systemd/system/nginx-rotate-session-ticket-keys.service
@@ -7,3 +7,4 @@ Type=oneshot
 User=root
 Group=root
 ExecStart=/usr/local/bin/nginx-rotate-session-ticket-keys
+UMask=0077