diff --git a/imageroot/bin/create-secrets b/imageroot/bin/create-secrets
index 99c362a..3fb834d 100755
--- a/imageroot/bin/create-secrets
+++ b/imageroot/bin/create-secrets
@@ -7,14 +7,16 @@
 
 set -e
 
-# restict to 400
-umask 266
+
 
 if [[ ! -d ~/.config/state/secrets ]]; then
     /usr/bin/mkdir -p ~/.config/state/secrets
 fi
 
+# restict to 400
+umask 266
+
 if [[ ! -f ~/.config/state/secrets/passwords.secret ]]; then
     password_postgres=$(/usr/bin/openssl rand -hex 20)
     /usr/bin/echo "POSTGRES_PASSWORD=$password_postgres" > ~/.config/state/secrets/passwords.secret
-fi
\ No newline at end of file
+fi