diff --git a/.gitattributes b/.gitattributes
index b0835ba..2be6974 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1 @@
-secrets.yaml filter=git-crypt diff=git-crypt
+_secrets.yaml filter=git-crypt diff=git-crypt
diff --git a/nodes/hellas/_defaults.yaml b/nodes/hellas/_defaults.yaml
index 73e3cdc..ba25a2f 100644
--- a/nodes/hellas/_defaults.yaml
+++ b/nodes/hellas/_defaults.yaml
@@ -4,3 +4,4 @@ installDisk: /dev/sda
 cluster:
     name: hellas
     controlPlaneIp: 10.0.2.1
+    secretsFile: !realpath _secrets.yaml
diff --git a/nodes/hellas/_secrets.yaml b/nodes/hellas/_secrets.yaml
new file mode 100644
index 0000000..8c5fab6
Binary files /dev/null and b/nodes/hellas/_secrets.yaml differ
diff --git a/nodes/testing/_defaults.yaml b/nodes/testing/_defaults.yaml
index 1a4c0e2..69ecfd6 100644
--- a/nodes/testing/_defaults.yaml
+++ b/nodes/testing/_defaults.yaml
@@ -4,3 +4,4 @@ installDisk: /dev/vda
 cluster:
     name: testing
     controlPlaneIp: 192.168.1.100
+    secretsFile: !realpath _secrets.yaml
diff --git a/secrets.yaml b/nodes/testing/_secrets.yaml
similarity index 100%
rename from secrets.yaml
rename to nodes/testing/_secrets.yaml
diff --git a/templates/generate_configs.sh b/templates/generate_configs.sh
index 8fa9106..65707d0 100644
--- a/templates/generate_configs.sh
+++ b/templates/generate_configs.sh
@@ -1,12 +1,11 @@
 #!/usr/bin/env bash
 set -euo pipefail
-ROOT={{ root }}
-CONFIGS=${ROOT}/configs
+CONFIGS={{ root }}/configs
 
 # Generate the configuration for each node
 {% for node in nodes -%}
 talosctl gen config {{ node.cluster.name }} https://{{ node.cluster.controlPlaneIp }}:6443 -f \
-	--with-secrets ${ROOT}/secrets.yaml \
+	--with-secrets {{ node.cluster.secretsFile }} \
 	--talos-version {{ node.talosVersion }} \
 	--kubernetes-version {{ node.kubernesVersion }} \
 	--output-types {{ node.type }} \
@@ -26,7 +25,7 @@ talosctl gen config {{ node.cluster.name }} https://{{ node.cluster.controlPlane
 # Generate the talosconfig file for each cluster
 {% for cluster in clusters -%}
 talosctl gen config {{ cluster.name }} https://{{ cluster.controlPlaneIp }}:6443 -f \
-	--with-secrets ${ROOT}/secrets.yaml \
+	--with-secrets {{ cluster.secretsFile }} \
 	--output-types talosconfig \
 	-o ${CONFIGS}/{{ cluster.name }}/talosconfig
 {% endfor %}