diff --git a/app/lib/dal/fileDALs/CFSCore.ts b/app/lib/dal/fileDALs/CFSCore.ts
index c42bc9891acc3ab87f2087b6bc2199d9cf8e3dfe..2c46c2ef6ba1957f57e75238927659b421747707 100644
--- a/app/lib/dal/fileDALs/CFSCore.ts
+++ b/app/lib/dal/fileDALs/CFSCore.ts
@@ -112,8 +112,20 @@ export class CFSCore {
    * @param content String content to write.
    * @param deep Wether to make a deep write or not.
    */
-  async write(filePath: string, content: string, deep: boolean): Promise<void> {
-    return this.qfs.fsWrite(path.join(this.rootPath, filePath), content);
+  async write(
+    filePath: string,
+    content: string,
+    deep: boolean,
+    secureMode: boolean = false
+  ): Promise<void> {
+    if (secureMode) {
+      return this.qfs.fsWriteSecure(
+        path.join(this.rootPath, filePath),
+        content
+      );
+    } else {
+      return this.qfs.fsWrite(path.join(this.rootPath, filePath), content);
+    }
   }
 
   /**
diff --git a/app/lib/system/directory.ts b/app/lib/system/directory.ts
index b8fec8b43c0249082539c6fe3d23363521ed59ef..436bd0f60028617eb1ad0c4e92b946c63c691efb 100644
--- a/app/lib/system/directory.ts
+++ b/app/lib/system/directory.ts
@@ -50,6 +50,7 @@ export interface FileSystem {
   fsUnlink(file: string): Promise<boolean>;
   fsList(dir: string): Promise<string[]>;
   fsWrite(file: string, content: string): Promise<void>;
+  fsWriteSecure(file: string, content: string): Promise<void>;
   fsMakeDirectory(dir: string): Promise<void>;
   fsRemoveTree(dir: string): Promise<void>;
   fsStreamTo(file: string, iterator: IterableIterator<string>): Promise<void>;
@@ -69,7 +70,6 @@ class QioFileSystem implements FileSystem {
   async fsReadFile(file: string) {
     return this.qio.read(file);
   }
-
   async fsUnlink(file: string) {
     return this.qio.remove(file);
   }
@@ -85,6 +85,10 @@ class QioFileSystem implements FileSystem {
     return this.qio.write(file, content);
   }
 
+  fsWriteSecure(file: string, content: string): Promise<void> {
+    return this.qio.write(file, content, undefined, undefined, { mode: 0o640 });
+  }
+
   async fsStreamTo(
     file: string,
     iterator: IterableIterator<string>
diff --git a/app/modules/keypair/index.ts b/app/modules/keypair/index.ts
index e3d971d00c921440025e526ba41cd4368ba22e71..da7f21c9c5e71be98c247ba451c83db625b02cc4 100644
--- a/app/modules/keypair/index.ts
+++ b/app/modules/keypair/index.ts
@@ -152,7 +152,7 @@ export const KeypairDependency = {
         // We save the key in a separate file
         const keyring =
           'pub: "' + conf.pair.pub + '"\n' + 'sec: "' + conf.pair.sec + '"';
-        await confDAL.coreFS.write("keyring.yml", keyring);
+        await confDAL.coreFS.write("keyring.yml", keyring, false, true);
 
         // We never want to store salt, password or keypair in the conf.json file
         delete conf.salt;