diff --git a/internal/util/fscrypt/fscrypt.go b/internal/util/fscrypt/fscrypt.go
index 9ca822d67..3d35b142c 100644
--- a/internal/util/fscrypt/fscrypt.go
+++ b/internal/util/fscrypt/fscrypt.go
@@ -111,6 +111,20 @@ func createKeyFuncFromVolumeEncryption(
 return keyFunc, nil
 }
+// fsyncEncryptedDirectory calls sync on dirPath. It is intended to
+// work around the fscrypt library not syncing the directory it sets a
+// policy on.
+// TODO Remove when the fscrypt dependency has https://github.com/google/fscrypt/pull/359
+func fsyncEncryptedDirectory(dirPath string) error {
+ dir, err := os.Open(dirPath)
+ if err != nil {
+ return err
+ }
+ defer dir.Close()
+
+ return dir.Sync()
+}
+
 // unlockExisting tries to unlock an already set up fscrypt directory using keys from Ceph CSI.
 func unlockExisting(
 ctx context.Context,
@@ -225,6 +239,12 @@ func initializeAndUnlock(
 return err
 }
+ if err = fsyncEncryptedDirectory(encryptedPath); err != nil {
+ log.ErrorLog(ctx, "fscrypt: fsync encrypted dir - to flush kernel policy to disk failed %v", err)
+
+ return err
+ }
+
 return nil
 }
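Review bot: The doc comment on `fsyncEncryptedDirectory` says it "calls sync on dirPath", but the body opens the directory and calls `dir.Sync()` on that one handle, and the comment never states what goes wrong if the call is skipped. Suggest opening with `// fsyncEncryptedDirectory opens dirPath and fsyncs it so that the encryption policy just set on the directory is persisted.` and adding one line on the failure mode the workaround prevents (presumably a policy that is lost after a crash or power loss; confirm against the linked fscrypt pull request). The `defer dir.Close()` discards the close error, which is reasonable for a read-only handle but deserves a short comment such as `// read-only handle: a Close error carries no durability information`.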
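Review bot: When the new `fsyncEncryptedDirectory(encryptedPath)` check fails, the function returns an error after the policy has apparently already been applied, and nothing visible here ensures that a retry repeats the sync. The earlier part of `initializeAndUnlock` is outside the hunk, so this is inferred. If a retried call finds the directory already set up and goes through `unlockExisting`, which this commit leaves unchanged, the policy could stay unflushed while the volume is treated as encrypted. Please confirm the retry path and either sync there as well or record the assumption at the call site, e.g. `// NOTE: must be repeated on retry; unlockExisting does not fsync the policy.` The log format would also read more clearly as `"fscrypt: fsync of encrypted dir to flush kernel policy to disk failed: %v"`.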