diff --git a/deploy/kubernetes/attacher.yaml b/deploy/kubernetes/attacher.yaml
index 5414597..e944f85 100644
--- a/deploy/kubernetes/attacher.yaml
+++ b/deploy/kubernetes/attacher.yaml
@@ -1,8 +1,8 @@
----
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: csi-attacher-sa
+  namespace: kube-system
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -43,6 +43,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: csi-attacher-s3
+  namespace: kube-system
   labels:
     app: csi-attacher-s3
 spec:
@@ -56,6 +57,7 @@ kind: StatefulSet
 apiVersion: apps/v1beta1
 metadata:
   name: csi-attacher-s3
+  namespace: kube-system
 spec:
   serviceName: "csi-attacher-s3"
   replicas: 1
diff --git a/deploy/kubernetes/csi-s3.yaml b/deploy/kubernetes/csi-s3.yaml
index 69bbc5c..316e3a1 100644
--- a/deploy/kubernetes/csi-s3.yaml
+++ b/deploy/kubernetes/csi-s3.yaml
@@ -1,8 +1,8 @@
----
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: csi-s3
+  namespace: kube-system
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -42,6 +42,7 @@ kind: DaemonSet
 apiVersion: apps/v1beta2
 metadata:
   name: csi-s3
+  namespace: kube-system
 spec:
   selector:
     matchLabels:
@@ -92,31 +93,6 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
-            - name: ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: accessKeyID
-            - name: SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: secretAccessKey
-            - name: S3_ENDPOINT
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: endpoint
-            - name: REGION
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: region
-            - name: ENCRYPTION_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: encryptionKey
           imagePullPolicy: "Always"
           volumeMounts:
             - name: plugin-dir
diff --git a/deploy/kubernetes/provisioner.yaml b/deploy/kubernetes/provisioner.yaml
index fd7cc07..25a45fc 100644
--- a/deploy/kubernetes/provisioner.yaml
+++ b/deploy/kubernetes/provisioner.yaml
@@ -1,8 +1,8 @@
----
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: csi-provisioner-sa
+  namespace: kube-system
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -42,6 +42,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: csi-provisioner-s3
+  namespace: kube-system
   labels:
     app: csi-provisioner-s3
 spec:
@@ -55,6 +56,7 @@ kind: StatefulSet
 apiVersion: apps/v1beta1
 metadata:
   name: csi-provisioner-s3
+  namespace: kube-system
 spec:
   serviceName: "csi-provisioner-s3"
   replicas: 1
@@ -91,31 +93,6 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
-            - name: ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: accessKeyID
-            - name: SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: secretAccessKey
-            - name: S3_ENDPOINT
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: endpoint
-            - name: REGION
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: region
-            - name: ENCRYPTION_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: csi-s3-secret
-                  key: encryptionKey
           imagePullPolicy: "Always"
           volumeMounts:
             - name: socket-dir
diff --git a/deploy/kubernetes/secret.yaml b/deploy/kubernetes/secret.yaml.sample
similarity index 100%
rename from deploy/kubernetes/secret.yaml
rename to deploy/kubernetes/secret.yaml.sample
diff --git a/pkg/s3/config.go b/pkg/s3/config.go
index f5b1714..e3d0b9a 100644
--- a/pkg/s3/config.go
+++ b/pkg/s3/config.go
@@ -7,5 +7,4 @@ type Config struct {
 	Region          string
 	Endpoint        string
 	Mounter         string
-	EncryptionKey   string
 }
diff --git a/pkg/s3/s3-client.go b/pkg/s3/s3-client.go
index b85bc67..0f6c727 100644
--- a/pkg/s3/s3-client.go
+++ b/pkg/s3/s3-client.go
@@ -55,7 +55,6 @@ func newS3ClientFromSecrets(secrets map[string]string) (*s3Client, error) {
 		SecretAccessKey: secrets["secretAccessKey"],
 		Region:          secrets["region"],
 		Endpoint:        secrets["endpoint"],
-		EncryptionKey:   secrets["encryptionKey"],
 		// Mounter is set in the volume preferences, not secrets
 		Mounter: "",
 	})
diff --git a/test/secret.yaml b/test/secret.yaml
index 1f08c2f..50a57c4 100644
--- a/test/secret.yaml
+++ b/test/secret.yaml
@@ -3,28 +3,23 @@ CreateVolumeSecret:
   secretAccessKey: DSG643HGDS
   endpoint: http://127.0.0.1:9000
   region: ""
-  encryptionKey: ""
 DeleteVolumeSecret:
   accessKeyID: FJDSJ
   secretAccessKey: DSG643HGDS
   endpoint: http://127.0.0.1:9000
   region: ""
-  encryptionKey: ""
 NodeStageVolumeSecret:
   accessKeyID: FJDSJ
   secretAccessKey: DSG643HGDS
   endpoint: http://127.0.0.1:9000
   region: ""
-  encryptionKey: ""
 NodePublishVolumeSecret:
   accessKeyID: FJDSJ
   secretAccessKey: DSG643HGDS
   endpoint: http://127.0.0.1:9000
   region: ""
-  encryptionKey: ""
 ControllerValidateVolumeCapabilitiesSecret:
   accessKeyID: FJDSJ
   secretAccessKey: DSG643HGDS
   endpoint: http://127.0.0.1:9000
   region: ""
-  encryptionKey: ""
\ No newline at end of file