diff --git a/.github/workflows/api-deploy-staging-ecs.yml b/.github/workflows/api-deploy-staging-ecs.yml
index b02ff61bebe9..ea05fddfc6b0 100644
--- a/.github/workflows/api-deploy-staging-ecs.yml
+++ b/.github/workflows/api-deploy-staging-ecs.yml
@@ -8,6 +8,7 @@ on:
       - api/**
       - .github/**
       - infrastructure/aws/staging/**
+      - fix/ecs-deploy-secrets
   workflow_dispatch:
 
 jobs:
diff --git a/Dockerfile b/Dockerfile
index 994fe539fae5..914ba471d6f1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -167,7 +167,8 @@ FROM api-runtime-private as saas-api
 RUN --mount=type=secret,id=sse_pgp_pkey \
   apt-get update && apt-get install -y gnupg && \
   gpg --import /run/secrets/sse_pgp_pkey && \
-  mv /root/.gnupg/ /app/
+  mv /root/.gnupg/ /app/ && \
+  chown -R nobody /app/.gnupg/
 
 ARG PYTHON_SITE_DIR
 COPY --from=build-python-private ${PYTHON_SITE_DIR} ${PYTHON_SITE_DIR}