diff --git a/doc/source/images/architecture-pegleg.png b/doc/source/images/architecture-pegleg.png
index c872f555..acdfa920 100644
Binary files a/doc/source/images/architecture-pegleg.png and b/doc/source/images/architecture-pegleg.png differ
diff --git a/pegleg/engine/lint.py b/pegleg/engine/lint.py
index 582df86b..aaf9cf16 100644
--- a/pegleg/engine/lint.py
+++ b/pegleg/engine/lint.py
@@ -269,7 +269,8 @@ def _verify_document(document, schemas, filename):
 'storagePolicy: "%s"' % (filename, name, storage_policy)))
- if not _filename_in_section(filename, 'secrets/'):
+ # Check if the file is in a secrets directory
+ if not util.files.file_in_subdir(filename, 'secrets/'):
 errors.append((SECRET_NOT_ENCRYPTED_POLICY,
 '%s (document %s) is a secret, is not stored in a '
 'secrets path' % (filename, name)))
@@ -353,12 +354,3 @@ def _load_schemas():
 schemas[key] = util.files.slurp(
 pkg_resources.resource_filename('pegleg', filename))
 return schemas
-
-
-def _filename_in_section(filename, section):
- directory = util.files.directory_for(path=filename)
- if directory is not None:
- rest = filename[len(directory) + 1:]
- return rest is not None and rest.startswith(section)
- else:
- return False
diff --git a/pegleg/engine/util/files.py b/pegleg/engine/util/files.py
index 02cb33ed..54ea38e9 100644
--- a/pegleg/engine/util/files.py
+++ b/pegleg/engine/util/files.py
@@ -382,3 +382,15 @@ def collect_files_by_repo(site_name):
 documents = util.files.read(filename)
 collected_files_by_repo[repo_name].extend(documents)
 return collected_files_by_repo
+
+
+def file_in_subdir(filename, _dir):
+ """
+ Check if a folder named _dir is in the path to the file
+
+ :return: Whether _dir is a parent of the file
+ :rtype: bool
+ """
+ file_path, file_name = os.path.split(
+ os.path.realpath(filename))
+ return _dir in file_path.split(os.path.sep)
diff --git a/tests/unit/engine/util/test_files.py b/tests/unit/engine/util/test_files.py
index b0938ee3..5a9e696c 100644
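Review bot: The new condition passes `'secrets/'` with a trailing slash, but `file_in_subdir` (added in pegleg/engine/util/files.py by this commit) tests membership in `file_path.split(os.path.sep)`, whose components never contain a separator, so the helper always returns False here and every secret document is reported under SECRET_NOT_ENCRYPTED_POLICY as not stored in a secrets path. A placement check that fires on every secret is likely to be ignored or excluded, which removes its value as a guard. Pass the bare directory name, `if not util.files.file_in_subdir(filename, 'secrets'):`, or have the helper strip separators from `_dir`; the new test in tests/unit/engine/util/test_files.py only uses names without a slash, so it does not catch this. _verify_document starts and ends outside the hunk.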
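Review bot: `os.path.realpath(filename)` makes the path absolute before the membership test, so `file_in_subdir` also matches directories above the repository; a checkout that happens to live under a directory named like `_dir` makes every file in it pass. The removed `_filename_in_section` only looked at the part of the path after `util.files.directory_for(path=filename)`, so for the secrets-placement lint this appears to be a weaker check than before. I would restrict the comparison to the components below that directory and document both parameters in the docstring, stating that `_dir` is a single directory name without separators. `file_name` is never used, so the first statement could be `file_path = os.path.dirname(os.path.realpath(filename))`.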
--- a/tests/unit/engine/util/test_files.py
+++ b/tests/unit/engine/util/test_files.py
@@ -36,3 +36,10 @@ class TestFileHelpers(object):
 documents = files.read(path)
 assert not documents, ("Documents returned should be empty for "
 "site-definition.yaml")
+
+def test_file_in_subdir():
+ assert files.file_in_subdir("aaa/bbb/ccc.txt", "aaa")
+ assert files.file_in_subdir("aaa/bbb/ccc.txt", "bbb")
+ assert not files.file_in_subdir("aaa/bbb/ccc.txt", "ccc")
+ assert not files.file_in_subdir("aaa/bbb/ccc.txt", "bb")
+ assert not files.file_in_subdir("aaa/bbb/../ccc.txt", "bbb")
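Review bot: The three `assert not` lines depend on the directory the suite is run from, because `file_in_subdir` resolves these relative paths with `os.path.realpath` and then checks every component of the absolute result. Run from a path that contains a component `ccc`, `bb` or `bbb`, an assertion such as `assert not files.file_in_subdir("aaa/bbb/ccc.txt", "ccc")` would fail without any code change. Directory names that cannot plausibly occur in a working-directory path would make the test stable until the helper is anchored to a base directory. The hunk also adds only one blank line before the module-level `def test_file_in_subdir():`, where PEP 8 expects two after the class body.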