diff --git a/roles/fas_server/templates/configmap.yml b/roles/fas_server/templates/configmap.yml
index 1bf29117fc..b0475c8f64 100644
--- a/roles/fas_server/templates/configmap.yml
+++ b/roles/fas_server/templates/configmap.yml
@@ -80,6 +80,9 @@ data:
     </Directory>
   app_start.sh: |-
     set -xe
+    rm -rf /tmp/fas-gpg
+    mkdir /tmp/fas-gpg
+    ln -s /etc/fas-gpg/pubring.gpg /tmp/fas-gpg/pubring.gpg
     python /etc/fas/app_gunicorn.py --bind :8000 --chdir /app app
   app_gunicorn.py: |-
     # We need a custom gunicorn script because we need to inject various requires
diff --git a/roles/fas_server/templates/fas.cfg.j2 b/roles/fas_server/templates/fas.cfg.j2
index 1b177dcc0e..d975dd7e74 100644
--- a/roles/fas_server/templates/fas.cfg.j2
+++ b/roles/fas_server/templates/fas.cfg.j2
@@ -257,7 +257,7 @@ use_openssl_rand_bytes = True
 
 # These determine where FAS will read the public keyring from used in all GPG operations
 gpgexec = "/usr/bin/gpg"
-gpghome = "/etc/fas-gpg"
+gpghome = "/tmp/fas-gpg"
 # Note: gpg_fingerprint and gpg_passphrase are for encrypting password reset mail if the user has
 # a gpg key registered.  It's currently broken
 gpg_fingerprint = "7662 A6D3 4F21 A653 7BD4  BA64 20A0 8C45 4A0E 6255"