diff --git a/tests/unit/engine/test_generate_passphrases.py b/tests/unit/engine/test_generate_passphrases.py
index 5d11b65c..44853bfb 100644
--- a/tests/unit/engine/test_generate_passphrases.py
+++ b/tests/unit/engine/test_generate_passphrases.py
@@ -31,7 +31,7 @@ import pegleg
 from pegleg.engine.util.pegleg_secret_management import ENV_PASSPHRASE
 from pegleg.engine.util.pegleg_secret_management import ENV_SALT
 
-TEST_PASSPHRASES_CATALOG = yaml.load("""
+TEST_PASSPHRASES_CATALOG = yaml.safe_load("""
 ---
 schema: pegleg/PassphraseCatalog/v1
 metadata:
@@ -69,7 +69,7 @@ data:
 ...
 """)
 
-TEST_GLOBAL_PASSPHRASES_CATALOG = yaml.load("""
+TEST_GLOBAL_PASSPHRASES_CATALOG = yaml.safe_load("""
 ---
 schema: pegleg/PassphraseCatalog/v1
 metadata:
@@ -87,7 +87,7 @@ data:
 ...
 """)
 
-TEST_BASE64_PASSPHRASES_CATALOG = yaml.load("""
+TEST_BASE64_PASSPHRASES_CATALOG = yaml.safe_load("""
 ---
 schema: pegleg/PassphraseCatalog/v1
 metadata:
@@ -180,7 +180,7 @@ def test_generate_passphrases(*_):
                                             passphrase_file_name)
         assert os.path.isfile(passphrase_file_path)
         with open(passphrase_file_path) as stream:
-            doc = yaml.load(stream)
+            doc = yaml.safe_load(stream)
             assert doc['schema'] == 'pegleg/PeglegManagedDocument/v1'
             assert doc['metadata']['storagePolicy'] == 'cleartext'
             assert 'encrypted' in doc['data']
diff --git a/tests/unit/engine/test_secrets.py b/tests/unit/engine/test_secrets.py
index b2797ad8..2d0c651d 100644
--- a/tests/unit/engine/test_secrets.py
+++ b/tests/unit/engine/test_secrets.py
@@ -116,7 +116,7 @@ data: {0}-password
     encrypted_path = str(save_location.join("site/cicd/secrets/passphrases/"
                                             "cicd-passphrase-encrypted.yaml"))
     decrypted = secrets.decrypt(encrypted_path)
-    assert yaml.load(decrypted[encrypted_path]) == yaml.load(passphrase_doc)
+    assert yaml.safe_load(decrypted[encrypted_path]) == yaml.safe_load(passphrase_doc)
 
 
 def test_pegleg_secret_management_constructor():
diff --git a/tests/unit/fixtures.py b/tests/unit/fixtures.py
index 2ca81db2..9fe29827 100644
--- a/tests/unit/fixtures.py
+++ b/tests/unit/fixtures.py
@@ -43,7 +43,7 @@ def _gen_document(**kwargs):
     if "storagePolicy" not in kwargs:
         kwargs["storagePolicy"] = "cleartext"
     test_document = TEST_DOCUMENT % kwargs
-    return yaml.load(test_document)
+    return yaml.safe_load(test_document)
 
 
 @pytest.fixture()
diff --git a/tests/unit/test_cli.py b/tests/unit/test_cli.py
index e6a42e27..5465188e 100644
--- a/tests/unit/test_cli.py
+++ b/tests/unit/test_cli.py
@@ -553,7 +553,7 @@ class TestSiteSecretsActions(BaseCLIActionTest):
         file_path = os.path.join(repo_path, "site", "airship-seaworthy",
                                "secrets", "passphrases", "ceph_fsid.yaml")
         with open(file_path, "r") as ceph_fsid_fi:
-            ceph_fsid = yaml.load(ceph_fsid_fi)
+            ceph_fsid = yaml.safe_load(ceph_fsid_fi)
             ceph_fsid["metadata"]["storagePolicy"] = "encrypted"
 
         with open(file_path, "w") as ceph_fsid_fi:
@@ -568,7 +568,7 @@ class TestSiteSecretsActions(BaseCLIActionTest):
                                "secrets", "passphrases", "ceph_fsid.yaml"),
                   "r") \
                 as ceph_fsid_fi:
-            ceph_fsid = yaml.load(ceph_fsid_fi)
+            ceph_fsid = yaml.safe_load(ceph_fsid_fi)
             assert "encrypted" in ceph_fsid["data"]
             assert "managedDocument" in ceph_fsid["data"]