diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
index 98c838074..120d9627c 100644
--- a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
@@ -134,7 +134,7 @@ spec:
             - name: ceph-logdir
               mountPath: /var/log/ceph
             - name: oidc-token
-              mountPath: /var/run/secrets/tokens
+              mountPath: /run/secrets/tokens
               readOnly: true
           resources:
 {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
diff --git a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
index 63b38bcaf..b3b09160d 100644
--- a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
+++ b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
@@ -184,7 +184,7 @@ spec:
             - name: keys-tmp-dir
               mountPath: /tmp/csi/keys
             - name: oidc-token
-              mountPath: /var/run/secrets/tokens
+              mountPath: /run/secrets/tokens
               readOnly: true
           resources:
 {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
diff --git a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml
index 915fb38a2..6c70f7ec5 100644
--- a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml
+++ b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml
@@ -164,7 +164,7 @@ spec:
             - name: ceph-config
               mountPath: /etc/ceph/
             - name: oidc-token
-              mountPath: /var/run/secrets/tokens
+              mountPath: /run/secrets/tokens
               readOnly: true
         - name: csi-rbdplugin-controller
           # for stable functionality replace canary with latest release version
diff --git a/deploy/rbd/kubernetes/csi-rbdplugin.yaml b/deploy/rbd/kubernetes/csi-rbdplugin.yaml
index 429e6da32..e9117e9ff 100644
--- a/deploy/rbd/kubernetes/csi-rbdplugin.yaml
+++ b/deploy/rbd/kubernetes/csi-rbdplugin.yaml
@@ -119,7 +119,7 @@ spec:
             - name: ceph-config
               mountPath: /etc/ceph/
             - name: oidc-token
-              mountPath: /var/run/secrets/tokens
+              mountPath: /run/secrets/tokens
               readOnly: true
         - name: liveness-prometheus
           securityContext:
diff --git a/internal/kms/aws_sts_metadata.go b/internal/kms/aws_sts_metadata.go
index 00aa300e3..a0db764d8 100644
--- a/internal/kms/aws_sts_metadata.go
+++ b/internal/kms/aws_sts_metadata.go
@@ -60,7 +60,7 @@ const (
 	// tokenFilePath is the path to the file containing the OIDC token.
 	//
 	// #nosec:G101, value not credential, just path to the token.
-	tokenFilePath = "/var/run/secrets/tokens/oidc-token"
+	tokenFilePath = "/run/secrets/tokens/oidc-token"
 )
 
 var _ = RegisterProvider(Provider{