diff --git a/files/dnssec-init b/files/dnssec-init
index 9f812dd..91196f2 100644
--- a/files/dnssec-init
+++ b/files/dnssec-init
@@ -3,7 +3,8 @@
 CACHEDIR="$1"
 NAME="$2"
 DOMAIN="$3"
+KEY_DIRECTORY="$4"
 PATH=/bin:/sbin:/usr/bin:/usr/sbin
-dnssec-keygen -K "${CACHEDIR}/${NAME}" "${DOMAIN}"
-dnssec-keygen -f KSK -K "${CACHEDIR}/${NAME}" "${DOMAIN}"
-dnssec-signzone -S -d "${CACHEDIR}" -K "${CACHEDIR}/${NAME}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"
+dnssec-keygen -K "${KEY_DIRECTORY}" "${DOMAIN}"
+dnssec-keygen -f KSK -K "${KEY_DIRECTORY}" "${DOMAIN}"
+dnssec-signzone -S -d "${CACHEDIR}" -K "${KEY_DIRECTORY}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"
diff --git a/manifests/zone.pp b/manifests/zone.pp
index cb143b3..1bcd8df 100644
--- a/manifests/zone.pp
+++ b/manifests/zone.pp
@@ -49,7 +49,7 @@ define bind::zone (
 if $dnssec {
 exec { "dnssec-keygen-${name}":
- command => "/usr/local/bin/dnssec-init ${cachedir} ${name} ${_domain}",
+ command => "/usr/local/bin/dnssec-init '${cachedir}' '${name}' '${_domain}' '${key_directory}'",
 cwd => $cachedir,
 user => $bind::params::bind_user,
 creates => "${cachedir}/${name}/${_domain}.signed",
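Review bot: `KEY_DIRECTORY="$4"` is taken without any check, so a caller that still passes three arguments hands an empty string to all three `-K` options, and the private key files are then written somewhere other than the intended directory (the exact fallback is not confirmed here). Fail early instead, e.g. `KEY_DIRECTORY="${4:?usage: dnssec-init CACHEDIR NAME DOMAIN KEY_DIRECTORY}"`. Since this directory now holds the zone's private keys, consider also `[ -d "${KEY_DIRECTORY}" ] || exit 1`, so the script refuses to run against a path that was never provisioned with the right owner and mode. The lines above the hunk are not visible; if `set -e` is not already set there, a failed `dnssec-keygen` still falls through to `dnssec-signzone`.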
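Review bot: The single quotes added on the new `command` line keep a value with spaces together as one argument, but they do not escape anything: a `'` inside `$cachedir`, `$name`, `$_domain` or `$key_directory` ends the quoted argument early, and what happens to the rest depends on how the exec provider runs the string. Validate these values where the define receives them (an absolute-path check for the two directories, a hostname pattern for the domain) rather than relying on quoting, or escape each one with a helper such as stdlib's `shell_escape` if this module already depends on stdlib. `$key_directory` is not defined inside this hunk, so if it can be undef the script receives `''` as its fourth argument and the `-K` options get an empty path. The `exec` block continues past the hunk, so a `require` on the resource that creates the key directory with restrictive ownership may already exist; if it does not, it belongs here.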