diff --git a/deploy-nix-site/action.yaml b/deploy-nix-site/action.yaml
index 4c9af70..d0a62d5 100644
--- a/deploy-nix-site/action.yaml
+++ b/deploy-nix-site/action.yaml
@@ -60,12 +60,19 @@ runs:
 export AWS_ACCESS_KEY_ID="${{ env.S3_ACCESS_KEY }}"
 export AWS_SECRET_ACCESS_KEY="${{ env.S3_SECRET_KEY }}"
+ # Write signing key to temporary file
+ echo "${{ env.NIX_SIGNING_KEY }}" > /tmp/nix-signing-key.pem
+ chmod 600 /tmp/nix-signing-key.pem
+ # Push entire closure (derivation + all dependencies) to cache
 nix copy \
- --to "s3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https&secret-key=${{ env.NIX_SIGNING_KEY }}" \
+ --to "s3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https&secret-key=/tmp/nix-signing-key.pem" \
 --derivation \
 "$STORE_PATH"
+ # Clean up key file
+ rm -f /tmp/nix-signing-key.pem
+ echo "✅ Pushed to binary cache: $STORE_HASH (with all dependencies)"
 - name: Deploy via Nomad
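Review bot: The added `echo "${{ env.NIX_SIGNING_KEY }}" > /tmp/nix-signing-key.pem` creates the key file at a fixed, predictable path with the default umask, and `chmod 600` only tightens it afterwards, so on a shared or self-hosted runner another local user can read the key in that window or pre-create the path. The trailing `rm -f` is skipped if the step's shell exits on a failed `nix copy`, leaving the key on disk, and the `${{ }}` expansion still pastes the secret into the script text, where quotes or `$` in the value would be interpreted by the shell. Creating the file with `mktemp` (mode 0600 from creation), removing it from an `EXIT` trap and reading the value from the environment addresses all three. This assumes `NIX_SIGNING_KEY` is exported to the step, as the `env.` context suggests; the `run:` block starts outside the hunk, so check it for an existing trap before adding one.

```yaml
# Private, unpredictable key file; removed on every exit path, including a failed push
key_file="$(mktemp "${RUNNER_TEMP:-/tmp}/nix-signing-key.XXXXXX")"
trap 'rm -f -- "$key_file"' EXIT
printf '%s\n' "$NIX_SIGNING_KEY" > "$key_file"

nix copy \
  --to "s3://nix-cache?endpoint=${{ inputs.s3-endpoint }}&scheme=https&secret-key=$key_file" \
# … unchanged: --derivation, "$STORE_PATH" and the echo of the pushed hash …
```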