diff --git a/hashicorp-vault/iac/modules/app_policy/main.tf b/hashicorp-vault/iac/modules/app_policy/main.tf
index aed281d..9dc3907 100644
--- a/hashicorp-vault/iac/modules/app_policy/main.tf
+++ b/hashicorp-vault/iac/modules/app_policy/main.tf
@@ -27,13 +27,14 @@ data "vault_policy_document" "ops" {
 path = "kvv1/google/credentials"
 capabilities = ["read"]
 }
- # read cloudflare credentials for terraform cloudflare backend
+ # read cloudflare related secrets
 rule {
 path = "kvv1/cloudflare/${local.name}*"
 capabilities = ["read", "list", "create", "update", "delete"]
 }
+ # read ovh related secrets
 rule {
- path = "kvv1/cloudflare/${local.name}*"
+ path = "kvv1/ovh/${local.name}*"
 capabilities = ["read", "list", "create", "update", "delete"]
 }
 # read tofu_module_reader gitea bot user ssh keys
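Review bot: The new OVH rule's path `kvv1/ovh/${local.name}*` ends in a bare prefix glob with no separator, so a policy generated for one app also matches any sibling path that merely starts with the same name (constructed example: an app named `web` would also match `kvv1/ovh/web-admin`). If each app's secrets sit under their own folder, `path = "kvv1/ovh/${local.name}/*"` keeps the match inside that folder; the KV layout is not visible in this hunk, so confirm it before changing. The comment `# read ovh related secrets` also understates the grant, which includes create, update and delete: either narrow it to `capabilities = ["read", "list"]` or reword the comment to `# manage ovh related secrets`. The unchanged cloudflare rule just above has the same glob and the same comment/capability mismatch, and the `ops` policy document starts and ends outside this hunk.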