diff --git a/setup/management.sh b/setup/management.sh
index b793b990..e8220609 100755
--- a/setup/management.sh
+++ b/setup/management.sh
@@ -10,6 +10,8 @@ mkdir -p $STORAGE_ROOT/backup
 if [ ! -f $STORAGE_ROOT/backup/secret_key.txt ]; then
 	openssl rand -base64 2048 > $STORAGE_ROOT/backup/secret_key.txt
 fi
+# The secret key to encrypt backups should not be world readable.
+chmod 0600 $STORAGE_ROOT/backup/secret_key.txt
 
 # Link the management server daemon into a well known location.
 rm -f /usr/local/bin/mailinabox-daemon