diff --git a/backend-api-internal/deployment.yaml b/backend-api-internal/deployment.yaml
index d0f6281..7c0ef56 100644
--- a/backend-api-internal/deployment.yaml
+++ b/backend-api-internal/deployment.yaml
@@ -15,6 +15,22 @@ spec:
     spec:
       imagePullSecrets:
         - name: ghcr-secret
+      initContainers:
+        - name: copy-secrets
+          image: busybox
+          command:
+            - sh
+            - -c
+            - |
+              for f in /secrets/*; do
+                cp "$f" /etc/secrets/
+                chmod 666 "/etc/secrets/$(basename $f)"
+              done
+          volumeMounts:
+            - name: backend-api-internal-secrets
+              mountPath: /secrets
+            - name: writable-secrets
+              mountPath: /etc/secrets
       containers:
         - name: backend-api-internal
           image: ghcr.io/gansejunge/app-notifications-backend-api-internal:11
@@ -28,10 +44,13 @@ spec:
             - name: LOG_LEVEL
               value: "INFO"
           volumeMounts:
-            - name: backend-api-internal-secrets
+            - name: writable-secrets
               mountPath: /etc/secrets
               readOnly: true
       volumes:
         - name: backend-api-internal-secrets
           secret:
             secretName: backend-api-internal
+        - name: writable-secrets
+          emptyDir: {}
+
diff --git a/backend-push-notifications/deployment.yaml b/backend-push-notifications/deployment.yaml
index f2b4c1f..0e210ed 100644
--- a/backend-push-notifications/deployment.yaml
+++ b/backend-push-notifications/deployment.yaml
@@ -15,6 +15,22 @@ spec:
     spec:
       imagePullSecrets:
         - name: ghcr-secret
+      initContainers:
+        - name: copy-secrets
+          image: busybox
+          command:
+            - sh
+            - -c
+            - |
+              for f in /secrets/*; do
+                cp "$f" /etc/secrets/
+                chmod 666 "/etc/secrets/$(basename $f)"
+              done
+          volumeMounts:
+            - name: backend-push-notifications-secrets
+              mountPath: /secrets
+            - name: writable-secrets
+              mountPath: /etc/secrets
       containers:
         - name: backend-push-notifications
           image: ghcr.io/gansejunge/app-notifications-backend-push-notifications:8
@@ -27,10 +43,12 @@ spec:
             - name: BACKEND_PN_DB_HOST
               value: "mysql.app-notifications.svc.cluster.local"
           volumeMounts:
-            - name: backend-push-notifications-secrets
+            - name: writable-secrets
               mountPath: /etc/secrets
               readOnly: true
       volumes:
         - name: backend-push-notifications-secrets
           secret:
             secretName: backend-push-notifications
+        - name: writable-secrets
+          emptyDir: {}
diff --git a/service-docker-repository-query/deployment.yaml b/service-docker-repository-query/deployment.yaml
index 30407fa..80f2445 100644
--- a/service-docker-repository-query/deployment.yaml
+++ b/service-docker-repository-query/deployment.yaml
@@ -15,6 +15,22 @@ spec:
     spec:
       imagePullSecrets:
         - name: ghcr-secret
+      initContainers:
+        - name: copy-secrets
+          image: busybox
+          command:
+            - sh
+            - -c
+            - |
+              for f in /secrets/*; do
+                cp "$f" /etc/secrets/
+                chmod 666 "/etc/secrets/$(basename $f)"
+              done
+          volumeMounts:
+            - name: service-docker-repository-query-secrets
+              mountPath: /secrets
+            - name: writable-secrets
+              mountPath: /etc/secrets
       containers:
         - name: service-docker-repository-query
           image: ghcr.io/gansejunge/app-notifications-service-docker-repository-query:13
@@ -29,10 +45,12 @@ spec:
             - name: BACKEND_API_URL
               value: "http://backend-api-internal.app-notifications.svc.cluster.local:8101/internal/receive-notifications"
           volumeMounts:
-            - name: service-docker-repository-query-secrets
+            - name: writable-secrets
               mountPath: /etc/secrets
               readOnly: true
       volumes:
         - name: service-docker-repository-query-secrets
           secret:
             secretName: service-docker-repository-query
+        - name: writable-secrets
+          emptyDir: {}
diff --git a/service-royalroad-chapters/deployment.yaml b/service-royalroad-chapters/deployment.yaml
index 2d06020..c0074e5 100644
--- a/service-royalroad-chapters/deployment.yaml
+++ b/service-royalroad-chapters/deployment.yaml
@@ -15,6 +15,22 @@ spec:
     spec:
       imagePullSecrets:
         - name: ghcr-secret
+      initContainers:
+        - name: copy-secrets
+          image: busybox
+          command:
+            - sh
+            - -c
+            - |
+              for f in /secrets/*; do
+                cp "$f" /etc/secrets/
+                chmod 666 "/etc/secrets/$(basename $f)"
+              done
+          volumeMounts:
+            - name: service-royalroad-chapters-secrets
+              mountPath: /secrets
+            - name: writable-secrets
+              mountPath: /etc/secrets
       containers:
         - name: service-royalroad-chapters
           image: ghcr.io/gansejunge/app-notifications-service-royalroad-chapters:16
@@ -29,10 +45,12 @@ spec:
             - name: BACKEND_API_URL
               value: "http://backend-api-internal.app-notifications.svc.cluster.local:8101/internal/receive-notifications"
           volumeMounts:
-            - name: service-royalroad-chapters-secrets
+            - name: writable-secrets
               mountPath: /etc/secrets
               readOnly: true
       volumes:
         - name: service-royalroad-chapters-secrets
           secret:
             secretName: service-royalroad-chapters
+        - name: writable-secrets
+          emptyDir: {}