diff --git a/tasks/main.yml b/tasks/main.yml
index 836b36db..727ce3d1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -44,6 +44,7 @@
 state: directory
 owner: "{{ nomad_user }}"
 group: "{{ nomad_group }}"
+ mode: "0700"
 with_items:
 - "{{ nomad_data_dir }}"
 - "{{ nomad_plugin_dir }}"
@@ -62,7 +63,7 @@
 state: directory
 owner: root
 group: root
- mode: 0755
+ mode: 0700
 - name: Base configuration
 template:
@@ -70,7 +71,7 @@
 dest: "{{ nomad_config_dir }}/base.hcl"
 owner: root
 group: root
- mode: 0644
+ mode: 0600
 notify:
 - restart nomad
@@ -91,7 +92,7 @@
 dest: "{{ nomad_config_dir }}/server.hcl"
 owner: root
 group: root
- mode: 0644
+ mode: 0600
 when:
 - _nomad_node_server | bool
 notify:
@@ -113,7 +114,7 @@
 dest: "{{ nomad_config_dir }}/client.hcl"
 owner: root
 group: root
- mode: 0644
+ mode: 0600
 when:
 - _nomad_node_client | bool
 notify:
@@ -135,7 +136,7 @@
 dest: "{{ nomad_config_dir }}/custom.json"
 owner: root
 group: root
- mode: 0644
+ mode: 0600
 when:
 - nomad_config_custom is defined
 notify:
diff --git a/tasks/tls.yml b/tasks/tls.yml
index 69fdb6cd..7fe216a3 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -8,7 +8,7 @@
 state: directory
 owner: "{{ nomad_user }}"
 group: "{{ nomad_group }}"
- mode: 0755
+ mode: 0700
 - name: Copy CA certificate
 copy:
@@ -17,7 +17,7 @@
 dest: "{{ nomad_tls_dir }}/{{ nomad_ca_file | basename }}"
 owner: "{{ nomad_user }}"
 group: "{{ nomad_group }}"
- mode: 0644
+ mode: 0600
 notify: restart nomad
 - name: Copy certificate
@@ -27,7 +27,7 @@
 dest: "{{ nomad_tls_dir }}/{{ nomad_cert_file | basename }}"
 owner: "{{ nomad_user }}"
 group: "{{ nomad_group }}"
- mode: 0644
+ mode: 0600
 notify: restart nomad
 - name: Copy key
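Review bot: In the `@@ -62,7 +63,7 @@` hunk of tasks/main.yml the directory becomes `root:root` with `mode: 0700`, and the templates in the four hunks after it become `root:root` with `mode: 0600`, so only root can read the configuration. The first hunk gives the data and plugin directories to `{{ nomad_user }}`, which suggests the agent may be run as a non-root user; in that case it could no longer read its own config, which the old world-readable modes allowed. If that setup is supported, `group: "{{ nomad_group }}"` with `mode: "0750"` on the directory and `mode: "0640"` on the files still removes world access while keeping the files root-owned. The task this hunk belongs to starts above the hunk, so the path being created is not visible here.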
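Review bot: The mode in the `@@ -70,7 +71,7 @@` hunk is written as a bare octal, `mode: 0600`, and so is every other replaced mode line in tasks/main.yml and tasks/tls.yml, while the line added in the first hunk uses the quoted form `mode: "0700"`. A bare value relies on the YAML loader reading the leading zero as octal, whereas the quoted string is passed to Ansible unchanged and cannot be retyped by a different loader or a linter's auto-fix. I would write `mode: "0600"` on the file tasks and `mode: "0700"` on the two directory tasks so the whole change uses one form.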
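Review bot: The `@@ -17,7 +17,7 @@` and `@@ -27,7 +27,7 @@` hunks of tasks/tls.yml give the CA certificate and the node certificate the `0600` mode a secret would get, inside a directory the first tls.yml hunk narrows to `0700` for `{{ nomad_user }}`. Neither file is secret, and any other account on the host that verifies the agent against this CA copy (an operator's CLI session, for example) would lose read access; that is inferred, since no such consumer is visible in the diff. The file that does need `0600` is the private key, and the `Copy key` task only begins on the last line of the hunk, so its mode cannot be checked from here. A comment on the directory task such as `# 0700: only the nomad user reads TLS material; point CLI users at a separate CA copy` would record the intent.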