diff --git a/vault/files/config.hcl b/vault/files/config.hcl
index f8e407c..a46a8a4 100644
--- a/vault/files/config.hcl
+++ b/vault/files/config.hcl
@@ -29,7 +29,7 @@ storage "consul" {
 storage "file" {
   path = "{{ config.data_dir }}"
 }
-{% endif %}
+{%- endif %}
 
 default_lease_ttl="{{ config.default_lease_ttl }}"
 max_lease_ttl="{{ config.max_lease_ttl }}"
diff --git a/vault/files/vault.service b/vault/files/vault.service
index 0693a8a..3c6ef27 100644
--- a/vault/files/vault.service
+++ b/vault/files/vault.service
@@ -12,6 +12,7 @@ ExecReload=/bin/kill -signal HUP $MAINPID
 ExecStop=/usr/local/bin/vault operator step-down
 Restart=on-failure
 CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
+AmbientCapabilities=CAP_IPC_LOCK
 SecureBits=keep-caps
 NoNewPrivileges=yes
 KillSignal=SIGINT