diff --git a/config/secrets.nix b/config/secrets.nix
index 0b750cb..0bbe181 100644
--- a/config/secrets.nix
+++ b/config/secrets.nix
@@ -55,7 +55,6 @@
     ${decrypt} ${lib.escapeShellArg dep.file} \
       | tr -d '\n' \
       | ${pkgs.libargon2}/bin/argon2 "$(${pkgs.openssl}/bin/openssl rand -base64 16)" -id -e \
-      | tr -d '\n' \
       || die "Failure while generating argon2id hash"
   '';
 
diff --git a/hosts/envoy/stalwart-mail.nix b/hosts/envoy/stalwart-mail.nix
index a91b0a5..0ba66ef 100644
--- a/hosts/envoy/stalwart-mail.nix
+++ b/hosts/envoy/stalwart-mail.nix
@@ -66,7 +66,7 @@ in {
       lib.mkForce {
         authentication.fallback-admin = {
           user = "admin";
-          secret = "%{file:${config.age.secrets.stalwart-admin-hash.path}}%";
+          secret = "%{file:/run/stalwart-mail/admin-hash}%";
         };
 
         tracer.stdout = {
@@ -478,6 +478,8 @@ in {
   in {
     preStart = lib.mkAfter ''
       cat ${configFile} > /run/stalwart-mail/config.toml
+      cat ${config.age.secrets.stalwart-admin-hash.path} \
+        | tr -d '\n' > /run/stalwart-mail/admin-hash
     '';
     serviceConfig = {
       RuntimeDirectory = "stalwart-mail";