diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index cb2392c..1737887 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+ "encoding/hex"
 "encoding/json"
 "errors"
 "fmt"
@@ -306,7 +307,8 @@ func atomicSymlink(oldname, newname string) error {
 
 func importSSHKeys(keyPaths []string, gpgHome string) error {
 secringPath := filepath.Join(gpgHome, "secring.gpg")
- secring, err := os.Create(secringPath)
+
+ secring, err := os.OpenFile(secringPath, os.O_WRONLY|os.O_CREATE, 0600)
 if err != nil {
 return fmt.Errorf("Cannot create %s: %s", secringPath, err)
 }
@@ -319,9 +321,12 @@ func importSSHKeys(keyPaths []string, gpgHome string) error {
 if err != nil {
 return err
 }
+
 if err := gpgKey.SerializePrivate(secring, nil); err != nil {
 return fmt.Errorf("Cannot write secring: %s", err)
 }
+
+ fmt.Printf("Imported %s with fingerprint %s", path, hex.EncodeToString(gpgKey.PrimaryKey.Fingerprint[:]))
 }
 
 return nil
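Review bot: The new `os.OpenFile` call in importSSHKeys no longer truncates the file, which `os.Create` did implicitly, so if `secring.gpg` already exists in gpgHome the freshly serialized keys overwrite only its beginning and any longer previous content stays behind them. The 0600 mode is also applied only when the file is created; an existing file keeps whatever permissions it already had. I would restore the truncation with `os.OpenFile(secringPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` and, if a pre-existing file is possible, follow it with `secring.Chmod(0600)`. The rest of the function is outside this hunk, so whether gpgHome is always a fresh directory cannot be confirmed from here.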
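Review bot: The added `fmt.Printf` at the end of the loop body has no trailing newline, so when more than one key path is imported the messages run together on a single line of output. Ending the format string with a newline fixes it: `fmt.Printf("Imported %s with fingerprint %s\n", path, hex.EncodeToString(gpgKey.PrimaryKey.Fingerprint[:]))`. The loop header is outside the hunk, so `path` is presumably the range variable over keyPaths. Since this is a status message rather than program output, writing it to stderr with `fmt.Fprintf(os.Stderr, ...)` may also be worth considering.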