diff --git a/debian/wit-network-config.displace b/debian/wit-network-config.displace
index 4ebed6d..afcdc27 100644
--- a/debian/wit-network-config.displace
+++ b/debian/wit-network-config.displace
@@ -1,6 +1,5 @@
 /etc/frr/frr.conf.wit
 /etc/ipsec.conf.wit
-/etc/ipsec.secrets.wit
 /etc/qemu-ifdown.wit
 /etc/qemu-ifup.wit
 /etc/default/lldpd.wit
diff --git a/debian/wit-network-config.install b/debian/wit-network-config.install
index a95d0c6..bcce82c 100644
--- a/debian/wit-network-config.install
+++ b/debian/wit-network-config.install
@@ -18,4 +18,3 @@ templates/frr.conf.wit etc/frr
 templates/70-persistent-net.rules etc/udev/rules.d
 templates/interfaces /etc/network
 templates/ipsec.conf.wit etc
-templates/ipsec.secrets.wit etc
diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst
index cc9dba4..285da2c 100755
--- a/debian/wit-network-config.postinst
+++ b/debian/wit-network-config.postinst
@@ -26,7 +26,7 @@ case "$1" in
         UDEVCONFIG="etc/udev/rules.d/70-persistent-net.rules"
         FRRCONFIG="etc/frr/frr.conf.wit"
         IPSECCONFIG="etc/ipsec.conf.wit"
-        IPSECSECRETS="etc/ipsec.secrets.wit"
+        IPSECSECRETS="etc/ipsec.secrets"
         SWANCTLCONFIG="etc/swanctl/conf.d/wit-swanctl.conf"
         SYSCTLTWEAKS="etc/sysctl.d/10-frr.conf"
         DOMAINNAME=$(hostname -d)
@@ -356,7 +356,7 @@ case "$1" in
 
 
       # set ipsec config
-        for IPSECCONFIGFILE in $IPSECCONFIG $SWANCTLCONFIG $IPSECSECRETS
+        for IPSECCONFIGFILE in $IPSECCONFIG $SWANCTLCONFIG
 	  do
             sed -i \
                 -e "s/FQHOSTNAME/${HOSTNAME}/" \
@@ -367,6 +367,11 @@ case "$1" in
                 $IPSECCONFIGFILE
         done
 
+	cat <<-EOF >$IPSECSECRETS
+		# dynamic file, content is overwritten by wit-network-config. I'm sorry but divertion is not working due to apparmor blocking it to this place and didn't wanna deal with that
+		: RSA ${HOSTNAME}.key
+	EOF
+
     ## END config file section
 
 
diff --git a/templates/ipsec.secrets.wit b/templates/ipsec.secrets.wit
deleted file mode 100644
index 46378f0..0000000
--- a/templates/ipsec.secrets.wit
+++ /dev/null
@@ -1,2 +0,0 @@
-# this file is dynamic and managed by wit-network-config, any changes will be lost
-: RSA FQHOSTNAME.key