diff --git a/tasks/first_server.yml b/tasks/first_server.yml
index 46987bf..bd91a4c 100644
--- a/tasks/first_server.yml
+++ b/tasks/first_server.yml
@@ -19,7 +19,7 @@
     dest: /etc/rancher/rke2/config.yaml
     owner: root
     group: root
-    mode: 0644
+    mode: 0600
   register: config_file_is_changed
 
 - name: Copy Containerd Registry Configuration file
@@ -28,7 +28,7 @@
     dest: /etc/rancher/rke2/registries.yaml
     owner: root
     group: root
-    mode: 0644
+    mode: 0600
   when: (rke2_custom_registry_mirrors | length > 0 or rke2_custom_registry_configs | length > 0)
   register: config_file_is_changed
 
diff --git a/tasks/remaining_nodes.yml b/tasks/remaining_nodes.yml
index b457c88..643936b 100644
--- a/tasks/remaining_nodes.yml
+++ b/tasks/remaining_nodes.yml
@@ -24,7 +24,7 @@
     dest: /etc/rancher/rke2/config.yaml
     owner: root
     group: root
-    mode: 0644
+    mode: 0600
   register: config_file_is_changed
 
 - name: Copy Containerd Registry Configuration file
@@ -33,7 +33,7 @@
     dest: /etc/rancher/rke2/registries.yaml
     owner: root
     group: root
-    mode: 0644
+    mode: 0600
   when: (rke2_custom_registry_mirrors | length > 0 or rke2_custom_registry_configs | length > 0)
   register: config_file_is_changed
 
diff --git a/tasks/standalone.yml b/tasks/standalone.yml
index 3335b1b..e6798d8 100644
--- a/tasks/standalone.yml
+++ b/tasks/standalone.yml
@@ -14,7 +14,7 @@
     dest: /etc/rancher/rke2/config.yaml
     owner: root
     group: root
-    mode: 0644
+    mode: 0600
   register: config_file_is_changed
 
 - name: Copy Containerd Registry Configuration file
@@ -23,7 +23,7 @@
     dest: /etc/rancher/rke2/registries.yaml
     owner: root
     group: root
-    mode: 0644
+    mode: 0600
   when: rke2_custom_registry_mirrors.0.endpoint | length > 0
   register: config_file_is_changed