diff --git a/roles/hedgedoc/templates/config.json.j2 b/roles/hedgedoc/templates/config.json.j2
index 57d08fb6853867aeb579c8409b59b0bb571109a5..29ef1cc34e35a581ff79fdf65f29cd4190c83e29 100644
--- a/roles/hedgedoc/templates/config.json.j2
+++ b/roles/hedgedoc/templates/config.json.j2
@@ -35,6 +35,9 @@
             "host": "localhost",
             "port": "5432"
         },
-        "linkifyHeaderStyle": "gfm"
+        "linkifyHeaderStyle": "gfm",
+        "oauth2": {
+            "clientSecret": "{{ vault_hedgedoc_client_secret }}"
+        }
     }
 }
diff --git a/roles/hedgedoc/templates/hedgedoc.service.d.j2 b/roles/hedgedoc/templates/hedgedoc.service.d.j2
index 06ca55e07f6c4dc30c4beb6ecac98f87c5fb7c7d..bb5f6ff19ce0d66929ffb5be5b0df28cdc98bafa 100644
--- a/roles/hedgedoc/templates/hedgedoc.service.d.j2
+++ b/roles/hedgedoc/templates/hedgedoc.service.d.j2
@@ -6,7 +6,6 @@ Environment=CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
 Environment=CMD_OAUTH2_TOKEN_URL=https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/token
 Environment=CMD_OAUTH2_AUTHORIZATION_URL=https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/auth
 Environment=CMD_OAUTH2_CLIENT_ID=openid_hedgedoc
-Environment=CMD_OAUTH2_CLIENT_SECRET={{ vault_hedgedoc_client_secret }}
 Environment=CMD_OAUTH2_SCOPE="openid email profile roles"
 Environment=CMD_OAUTH2_ROLES_CLAIM=roles
 Environment=CMD_OAUTH2_ACCESS_ROLE=Staff