diff --git a/README.md b/README.md
index 6751777..ae15f10 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,7 @@ consistency. These are generally cluster-level configuration.
 | `k3s_use_unsupported_config`     | Allow the use of unsupported configurations in k3s.                             | `false`                        |
 | `k3s_etcd_datastore`             | Enable etcd embedded datastore (read notes below).                              | `false`                        |
 | `k3s_debug`                      | Enable debug logging on the k3s service.                                        | `false`                        |
-| `k3s_registries`                 | Configuration containerd's registries config file.                              | `mirrors:\n configs:\n`        |
+| `k3s_registries`                 | Registries configuration file content.                                          | `{ mirrors: {}, configs:{} }`  |
 
 ### K3S Service Configuration
 
diff --git a/defaults/main.yml b/defaults/main.yml
index eec4acf..2219833 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -98,9 +98,10 @@ k3s_become_for_package_install: null
 k3s_become_for_kubectl: null
 k3s_become_for_uninstall: null
 
-
+# Private registry configuration.
+# Rancher k3s documentation: https://rancher.com/docs/k3s/latest/en/installation/private-registry/
 k3s_registries:
-# rancher k3s doc https://rancher.com/docs/k3s/latest/en/installation/private-registry/
+
   mirrors:
 #    docker.io:
 #      endpoint:
@@ -108,9 +109,14 @@ k3s_registries:
   configs:
 #    "mycustomreg:5000":
 #      auth:
-#        username: xxxxxx # this is the registry username
-#        password: xxxxxx # this is the registry password
+#        # this is the registry username
+#        username: xxxxxx
+#        # this is the registry password
+#        password: xxxxxx
 #      tls:
-#        cert_file: # path to the cert file used in the registry
-#        key_file:  # path to the key file used in the registry
-#        ca_file:   # path to the ca file used in the registry
\ No newline at end of file
+#        # path to the cert file used in the registry
+#        cert_file:
+#        # path to the key file used in the registry
+#        key_file:
+#        # path to the ca file used in the registry
+#        ca_file:
\ No newline at end of file
diff --git a/tasks/build/containerd/registries.yml b/tasks/build/containerd/registries.yml
index c914a70..55ba034 100644
--- a/tasks/build/containerd/registries.yml
+++ b/tasks/build/containerd/registries.yml
@@ -4,8 +4,8 @@
   ansible.builtin.template:
     src: registries.yaml.j2
     dest: "{{ k3s_config_dir }}/registries.yaml"
-    mode: 0644
+    mode: 0600
   notify:
     - reload systemd
     - restart k3s
-  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
\ No newline at end of file
+  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
diff --git a/templates/registries.yaml.j2 b/templates/registries.yaml.j2
index b53fadd..4adbf13 100644
--- a/templates/registries.yaml.j2
+++ b/templates/registries.yaml.j2
@@ -1 +1,2 @@
+---
 {{ k3s_registries | to_nice_yaml }}
\ No newline at end of file