diff --git a/pegleg/engine/util/pegleg_managed_document.py b/pegleg/engine/util/pegleg_managed_document.py
index eb16f164..ae0fac09 100644
--- a/pegleg/engine/util/pegleg_managed_document.py
+++ b/pegleg/engine/util/pegleg_managed_document.py
@@ -173,6 +173,7 @@ class PeglegManagedSecretsDocument(object):
     def set_decrypted(self):
         """Mark the pegleg managed document as un-encrypted."""
         self.data.pop(ENCRYPTED)
+        self._embedded_document[METADATA][STORAGE_POLICY] = 'cleartext'
 
     def set_secret(self, secret):
         self._embedded_document['data'] = secret
diff --git a/tests/unit/engine/test_secrets.py b/tests/unit/engine/test_secrets.py
index 69f347a4..7446af47 100644
--- a/tests/unit/engine/test_secrets.py
+++ b/tests/unit/engine/test_secrets.py
@@ -177,8 +177,8 @@ data: {0}-password
             "site/cicd/secrets/passphrases/"
             "cicd-passphrase-encrypted.yaml"))
     decrypted = secrets.decrypt(encrypted_path)
-    assert yaml.safe_load(
-        decrypted[encrypted_path]) == yaml.safe_load(passphrase_doc)
+    assert yaml.safe_load(decrypted[encrypted_path])['data'] == yaml.safe_load(
+        passphrase_doc)['data']
 
 
 @mock.patch.dict(
@@ -297,8 +297,6 @@ def test_encrypt_decrypt_using_docs(tmpdir):
     assert test_data[0]['schema'] == decrypted_data[0]['schema']
     assert test_data[0]['metadata']['name'] == decrypted_data[0]['metadata'][
         'name']
-    assert test_data[0]['metadata']['storagePolicy'] == decrypted_data[0][
-        'metadata']['storagePolicy']
 
 
 @pytest.mark.skipif(