diff --git a/roles/kubernetes/tokens/tasks/main.yml b/roles/kubernetes/tokens/tasks/main.yml
index 49b8c13fa28c3f8eb06484b07f7a635464ec7934..d454a80cf2a22a5bffc8737822471e69f6ec39bd 100644
--- a/roles/kubernetes/tokens/tasks/main.yml
+++ b/roles/kubernetes/tokens/tasks/main.yml
@@ -10,7 +10,7 @@
   file:
     path: "{{ kube_token_dir }}"
     state: directory
-    mode: o-rwx
+    mode: 0644
     group: "{{ kube_cert_group }}"
 
 - import_tasks: gen_tokens.yml