diff --git a/docker/config/debug.tf b/docker/config/debug.tf
index 00388da..b413525 100644
--- a/docker/config/debug.tf
+++ b/docker/config/debug.tf
@@ -1,5 +1,6 @@
 resource "local_file" "config" {
-  count    = var.debug ? 1 : 0
-  content  = var.value
-  filename = "${path.root}/.debug/docker/${var.stack_name}/configs/${local.file_name}"
+  count           = var.debug ? 1 : 0
+  content         = var.value
+  filename        = "${path.root}/.debug/docker/${var.stack_name}/configs/${local.file_name}"
+  file_permission = "0600"
 }
\ No newline at end of file
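Review bot: The directories this resource creates are not covered by the new `file_permission = "0600"` on `local_file.config`. The `local_file` resource creates missing parent directories with its default `directory_permission` of "0777" (before umask), so depending on the umask other local users may still be able to list the `.debug/docker/<stack>/configs` tree, and possibly remove or replace entries in it. Adding `directory_permission = "0700"` next to the new line closes that gap. The same applies to every other `local_file` touched in this commit (registry.tf, default_page.tf, basic-auth.tf, cert.tf, config.tf).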
diff --git a/products/docker_registry/registry.tf b/products/docker_registry/registry.tf
index abdf618..66e817e 100644
--- a/products/docker_registry/registry.tf
+++ b/products/docker_registry/registry.tf
@@ -58,8 +58,9 @@ module "docker_registry_config" {
   value = yamlencode(local.registry_config_yaml)
 }
 resource "local_file" "docker_registry_config_yml" {
-  content  = yamlencode(local.registry_config_yaml)
-  filename = "${path.root}/.debug/docker-registry/config.yml"
+  content         = yamlencode(local.registry_config_yaml)
+  filename        = "${path.root}/.debug/docker-registry/config.yml"
+  file_permission = "0600"
 }
 
 # Registry Service
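Review bot: `local_file.docker_registry_config_yml` has no `count` guard, so the rendered registry configuration is written to `.debug/docker-registry/config.yml` on every apply, whereas `local_file.config` in docker/config/debug.tf is only created when `var.debug` is true. If `local.registry_config_yaml` carries storage credentials or an HTTP secret (not visible in this hunk), tightening the mode still leaves a plaintext copy in the working tree during normal runs. Gating it the same way, for example `count = var.debug ? 1 : 0`, would avoid that, assuming a debug flag is available in this module. The nginx debug copies in basic-auth.tf and cert.tf are likewise conditioned on their input being set rather than on a debug switch.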
diff --git a/products/nginx/default_page.tf b/products/nginx/default_page.tf
index 649a096..ecc5e94 100644
--- a/products/nginx/default_page.tf
+++ b/products/nginx/default_page.tf
@@ -6,14 +6,16 @@ resource "docker_config" "default_page" {
   data = base64encode(local.default_page)
 }
 resource "local_file" "default_page" {
-  content  = base64decode(docker_config.default_page.data)
-  filename = "${path.root}/.debug/nginx/index.html"
+  content         = base64decode(docker_config.default_page.data)
+  filename        = "${path.root}/.debug/nginx/index.html"
+  file_permission = "0600"
 }
 resource "docker_config" "default_conf" {
   name = "${var.service_name}.default.conf-${substr(sha1(file("${path.module}/default.conf")), 0, 4)}"
   data = base64encode(file("${path.module}/default.conf"))
 }
 resource "local_file" "default_conf" {
-  content  = base64decode(docker_config.default_conf.data)
-  filename = "${path.root}/.debug/nginx/default.conf"
+  content         = base64decode(docker_config.default_conf.data)
+  filename        = "${path.root}/.debug/nginx/default.conf"
+  file_permission = "0600"
 }
diff --git a/products/nginx/site-available/basic-auth.tf b/products/nginx/site-available/basic-auth.tf
index f8307c2..d47aa91 100644
--- a/products/nginx/site-available/basic-auth.tf
+++ b/products/nginx/site-available/basic-auth.tf
@@ -16,7 +16,8 @@ resource "docker_config" "auth" {
   data  = base64encode(local.auth)
 }
 resource "local_file" "auth" {
-  count    = var.basic_auth != null ? 1 : 0
-  content  = local.auth
-  filename = "${path.root}/.debug/nginx/${local.filenames.auth}"
+  count           = var.basic_auth != null ? 1 : 0
+  content         = local.auth
+  filename        = "${path.root}/.debug/nginx/${local.filenames.auth}"
+  file_permission = "0600"
 }
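Review bot: `content = local.auth` in `local_file.auth` looks like the basic-auth credential file, and `local_file` does not treat `content` as sensitive, so unless the value is already marked sensitive upstream it can be printed in plan output and end up in CI logs. The same provider offers `local_sensitive_file`, which takes the same `content`, `filename` and `file_permission` arguments and keeps the content out of the rendered plan. Switching the resource type here would be the change: `resource "local_sensitive_file" "auth" {`. The same applies to `local_file.certificate_key` in cert.tf, whose content is `var.certificate.private_key_pem`.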
diff --git a/products/nginx/site-available/cert.tf b/products/nginx/site-available/cert.tf
index 580a74a..52fc65d 100644
--- a/products/nginx/site-available/cert.tf
+++ b/products/nginx/site-available/cert.tf
@@ -7,9 +7,10 @@ resource "docker_config" "certificate" {
   }
 }
 resource "local_file" "certificate" {
-  count    = var.certificate != null ? 1 : 0
-  content  = local.cert_public
-  filename = "${path.root}/.debug/nginx/${local.filenames.certificate}"
+  count           = var.certificate != null ? 1 : 0
+  content         = local.cert_public
+  filename        = "${path.root}/.debug/nginx/${local.filenames.certificate}"
+  file_permission = "0600"
 }
 resource "docker_config" "certificate_key" {
   count = var.certificate != null ? 1 : 0
@@ -20,7 +21,8 @@ resource "docker_config" "certificate_key" {
   }
 }
 resource "local_file" "certificate_key" {
-  count    = var.certificate != null ? 1 : 0
-  content  = var.certificate.private_key_pem
-  filename = "${path.root}/.debug/nginx/${local.filenames.certificate_key}"
+  count           = var.certificate != null ? 1 : 0
+  content         = var.certificate.private_key_pem
+  filename        = "${path.root}/.debug/nginx/${local.filenames.certificate_key}"
+  file_permission = "0600"
 }
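Review bot: `local_file.certificate_key` still writes the TLS private key in plaintext under `.debug/nginx/` whenever `var.certificate` is set, and mode "0600" only limits which local accounts can read it. It does not stop the key being picked up by a backup, an archive of the working directory, or an accidental commit if `.debug` is not ignored (not visible here). The public certificate copy in `local_file.certificate` is usually enough to confirm which certificate was deployed, so consider dropping the key copy entirely. If it must stay, a comment above the resource such as `# Debug copy of the private key; never commit or archive .debug/` would make the risk explicit.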
diff --git a/products/nginx/site-available/config.tf b/products/nginx/site-available/config.tf
index 2408ef3..79a01aa 100644
--- a/products/nginx/site-available/config.tf
+++ b/products/nginx/site-available/config.tf
@@ -72,6 +72,7 @@ resource "docker_config" "nginx_site_available" {
 
 # Debug copy of the configuration file
 resource "local_file" "nginx_site_available" {
-  filename = "${path.root}/.debug/nginx/${local.filenames.nginx}"
-  content  = local.config
+  filename        = "${path.root}/.debug/nginx/${local.filenames.nginx}"
+  content         = local.config
+  file_permission = "0600"
 }