diff --git a/scripts/tests/systemd/dns-systemd-resolved.sh b/scripts/tests/systemd/dns-systemd-resolved.sh
index 4a37226d7..a71eaa512 100755
--- a/scripts/tests/systemd/dns-systemd-resolved.sh
+++ b/scripts/tests/systemd/dns-systemd-resolved.sh
@@ -4,6 +4,8 @@
 set -euo pipefail
 
 BINARY_NAME=firezone-linux-client
+CONFIG_DIR=/etc/dev.firezone.client
+TOKEN_PATH="$CONFIG_DIR/token.txt"
 
 docker compose exec client cat firezone-linux-client > "$BINARY_NAME"
 chmod u+x "$BINARY_NAME"
@@ -11,7 +13,12 @@ sudo mv "$BINARY_NAME" "/usr/bin/$BINARY_NAME"
 # TODO: Check whether this is redundant with the systemd service file
 sudo setcap cap_net_admin+eip "/usr/bin/$BINARY_NAME"
 
-sudo cp scripts/tests/systemd/firezone-client.service /etc/systemd/system/
+sudo mkdir "$CONFIG_DIR"
+sudo touch "$TOKEN_PATH"
+sudo chmod 600 "$TOKEN_PATH"
+echo "n.SFMyNTY.g2gDaANtAAAAJGM4OWJjYzhjLTkzOTItNGRhZS1hNDBkLTg4OGFlZjZkMjhlMG0AAAAkN2RhN2QxY2QtMTExYy00NGE3LWI1YWMtNDAyN2I5ZDIzMGU1bQAAACtBaUl5XzZwQmstV0xlUkFQenprQ0ZYTnFJWktXQnMyRGR3XzJ2Z0lRdkZnbgYAGUmu74wBYgABUYA.UN3vSLLcAMkHeEh5VHumPOutkuue8JA6wlxM9JxJEPE" | sudo tee "$TOKEN_PATH" > /dev/null
+
+sudo cp scripts/tests/systemd/firezone-client.service /usr/lib/systemd/system/
 systemd-analyze security firezone-client
 
 HTTPBIN=dns.httpbin
diff --git a/scripts/tests/systemd/firezone-client.service b/scripts/tests/systemd/firezone-client.service
index f7a9f0f74..49057e42b 100644
--- a/scripts/tests/systemd/firezone-client.service
+++ b/scripts/tests/systemd/firezone-client.service
@@ -7,7 +7,6 @@ AmbientCapabilities=CAP_NET_ADMIN
 Environment="FIREZONE_API_URL=ws://localhost:8081"
 Environment="FIREZONE_DNS_CONTROL=systemd-resolved"
 Environment="FIREZONE_ID=D0455FDE-8F65-4960-A778-B934E4E85A5F"
-Environment="FIREZONE_TOKEN=n.SFMyNTY.g2gDaANtAAAAJGM4OWJjYzhjLTkzOTItNGRhZS1hNDBkLTg4OGFlZjZkMjhlMG0AAAAkN2RhN2QxY2QtMTExYy00NGE3LWI1YWMtNDAyN2I5ZDIzMGU1bQAAACtBaUl5XzZwQmstV0xlUkFQenprQ0ZYTnFJWktXQnMyRGR3XzJ2Z0lRdkZnbgYAGUmu74wBYgABUYA.UN3vSLLcAMkHeEh5VHumPOutkuue8JA6wlxM9JxJEPE"
 Environment="RUST_LOG=info"
 
 ExecStart=firezone-linux-client