diff --git a/machines/hippocampus/servers/public/matrix/turn.nix b/machines/hippocampus/servers/public/matrix/turn.nix
index 11e2e84..6da76da 100644
--- a/machines/hippocampus/servers/public/matrix/turn.nix
+++ b/machines/hippocampus/servers/public/matrix/turn.nix
@@ -3,6 +3,7 @@
   sops.secrets.coturn-secret = {
     owner = "turnserver";
     group = config.services.matrix-tuwunel.group;
+    mode = "0440";
   };
   # TODO: patch coturn service to specify user/group
   systemd.services.coturn.serviceConfig.Group = lib.mkForce config.services.caddy.group;
@@ -24,7 +25,6 @@
         "turn:turn.glia.club?transport=udp"
         "turn:turn.glia.club?transport=tcp"
       ];
-      turn_secret = true;
       turn_secret_file = config.sops.secrets.coturn-secret.path;
     };
   };