diff --git a/tasks/main.yml b/tasks/main.yml
index 70cc1e4..505ee42 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,5 +1,12 @@
 ---
 
+- name: Ensure permissions on signing key
+  file:
+    path: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"
+    state: file
+    mode: 0600
+  delegate_to: localhost
+
 - name: Generate key pair
   openssh_keypair:
     path: "/etc/ssh/{{ ssh_ca_key_name }}"