diff --git a/roles/is-collector/templates/docker-compose.yml.j2 b/roles/is-collector/templates/docker-compose.yml.j2
index eb412c8..3fff575 100644
--- a/roles/is-collector/templates/docker-compose.yml.j2
+++ b/roles/is-collector/templates/docker-compose.yml.j2
@@ -39,20 +39,25 @@ services:
     secrets:
       - source: {{ service_prefix }}-ghn-config-{{ scope_name }}
         target: /home/gcube/gCore/config/GHNConfig.xml
-        mode: 0444
+        gid: 333
+        mode: 0440
       - source: {{ service_prefix }}-jndi-config-{{ scope_name }}
         target: /home/gcube/gCore/etc/is-collector-service/jndi-config.xml
-        mode: 0444
+        gid: 333
+        mode: 0440
       - source: {{ service_prefix }}-server-config-{{ scope_name }}
         target: /home/gcube/gCore/etc/globus_wsrf_core/server-config.wsdd
-        mode: 0444
+        gid: 333
+        mode: 0440
       - source: gcube-dev-legacy-security-key
         target: /home/gcube/gCore/config/symm.key
-        mode: 0444
+        gid: 333
+        mode: 0440
 {% for item in gcube_dev_security_keys %}
       - source: {{ item.name }}
         target: /home/gcube/gCore/config/{{ item.name }}
-        mode: 044
+        gid: 333
+        mode: 0440
 {% endfor %}
     deploy:
       mode: replicated
diff --git a/roles/is-registry/templates/docker-compose.yml.j2 b/roles/is-registry/templates/docker-compose.yml.j2
index 74373a4..84a2be4 100644
--- a/roles/is-registry/templates/docker-compose.yml.j2
+++ b/roles/is-registry/templates/docker-compose.yml.j2
@@ -28,20 +28,25 @@ services:
     secrets:
       - source: ghn-config-{{ scope_name }}
         target: /home/gcube/gCore/config/GHNConfig.xml
-        mode: 0444
+        gid: 333
+        mode: 0440
       - source: jndi-config-{{ scope_name }}
         target: /home/gcube/gCore/etc/is-registry-service/jndi-config.xml
-        mode: 0444
+        gid: 333
+        mode: 0440
       - source: server-config-{{ scope_name }}
         target: /home/gcube/gCore/etc/globus_wsrf_core/server-config.wsdd
-        mode: 0444
+        gid: 333
+        mode: 0440
       - source: gcube-dev-legacy-security-key
         target: /home/gcube/gCore/config/symm.key
-        mode: 0444
+        gid: 333
+        mode: 0440
 {% for item in gcube_dev_security_keys %}
       - source: {{ item.name }}
         target: /home/gcube/gCore/config/{{ item.name }}
-        mode: 044
+        gid: 333
+        mode: 0440
 {% endfor %}
     deploy:
       mode: replicated