diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 1824797..45d9e85 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -53,7 +53,6 @@ services:
 domain: "rynkeby.skovgaard.tel"
 volume_folder: "{{ volume_root_folder }}/restic"
 repository: "/mnt/SpinningRust/data.coop-backup/restic"
- ssh_pubkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1lNLshXytq+mx2LPzm8Neh/nrVqCR3iDXPONzBag9s restic@fedder
 version: "1.6.0"
 disabled_in_vagrant: true
diff --git a/roles/docker/tasks/services/restic_backup.yml b/roles/docker/tasks/services/restic_backup.yml
index 731ee47..e482e26 100644
--- a/roles/docker/tasks/services/restic_backup.yml
+++ b/roles/docker/tasks/services/restic_backup.yml
@@ -2,7 +2,7 @@
 ---
 - name: Create SSH directory
 file:
- name: "{{ services.restic.volume_folder }}/ssh"
+ path: "{{ services.restic.volume_folder }}/ssh"
 owner: root
 group: root
 mode: '0700'
@@ -16,13 +16,20 @@
 mode: '0600'
 content: "{{ restic_secrets.ssh_privkey }}"
-- name: Copy public SSH key
- copy:
- dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
+- name: Derive public SSH key
+ shell: >
+ ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
+ > {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
+ args:
+ creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
+
+- name: Set file permissions on public SSH key
+ file:
+ path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
 owner: root
 group: root
 mode: '0644'
- content: "{{ services.restic.ssh_pubkey }}"
+ state: touch
 - name: Setup restic backup
 docker_compose:
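Review bot: The `creates:` guard on the new "Derive public SSH key" task in `roles/docker/tasks/services/restic_backup.yml` (hunk `@@ -16,13 +16,20 @@`) pins `id_ed25519.pub` to whatever the first run wrote, so a later rotation of `restic_secrets.ssh_privkey` never re-derives the public key. Because the shell opens the redirect target before `ssh-keygen` runs, a failed derivation also leaves an empty `.pub` file that satisfies `creates:` on every following run. The follow-up `file` task with `state: touch` reports changed and bumps the mtime on each play, so the role is no longer idempotent. Deriving the key with `command` and writing the registered output through `copy` tracks key changes, fails loudly on a bad key, and removes the unquoted template from a shell line; the private-key task above and the `docker_compose` task below continue outside this hunk.

```yaml
- name: Derive public SSH key
  command:
    argv:
      - ssh-keygen
      - "-y"
      - "-f"
      - "{{ services.restic.volume_folder }}/ssh/id_ed25519"
  register: restic_ssh_pubkey
  changed_when: false

- name: Write public SSH key
  copy:
    dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
    content: "{{ restic_ssh_pubkey.stdout }}\n"
    owner: root
    group: root
    mode: '0644'
# … unchanged: Setup restic backup task …
```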