diff --git a/pegleg/engine/util/pegleg_managed_document.py b/pegleg/engine/util/pegleg_managed_document.py
index 71d12f18..76b3fa2f 100644
--- a/pegleg/engine/util/pegleg_managed_document.py
+++ b/pegleg/engine/util/pegleg_managed_document.py
@@ -174,7 +174,6 @@ class PeglegManagedSecretsDocument(object):
     def set_decrypted(self):
         """Mark the pegleg managed document as un-encrypted."""
         self.data.pop(ENCRYPTED)
-        self._embedded_document[METADATA][STORAGE_POLICY] = 'cleartext'
 
     def set_secret(self, secret):
         self._embedded_document['data'] = secret
diff --git a/tests/unit/engine/test_secrets.py b/tests/unit/engine/test_secrets.py
index 4fe1702d..0d6374d2 100644
--- a/tests/unit/engine/test_secrets.py
+++ b/tests/unit/engine/test_secrets.py
@@ -177,8 +177,8 @@ data: {0}-password
             "site/cicd/secrets/passphrases/"
             "cicd-passphrase-encrypted.yaml"))
     decrypted = secrets.decrypt(encrypted_path)
-    assert yaml.safe_load(decrypted[encrypted_path])['data'] == yaml.safe_load(
-        passphrase_doc)['data']
+    assert yaml.safe_load(
+        decrypted[encrypted_path]) == yaml.safe_load(passphrase_doc)
 
 
 @mock.patch.dict(
@@ -297,6 +297,8 @@ def test_encrypt_decrypt_using_docs(tmpdir):
     assert test_data[0]['schema'] == decrypted_data[0]['schema']
     assert test_data[0]['metadata']['name'] == decrypted_data[0]['metadata'][
         'name']
+    assert test_data[0]['metadata']['storagePolicy'] == decrypted_data[0][
+        'metadata']['storagePolicy']
 
 
 @pytest.mark.skipif(