diff --git a/src/commands/git_secret_reveal.sh b/src/commands/git_secret_reveal.sh
index c05a3079..5153d370 100644
--- a/src/commands/git_secret_reveal.sh
+++ b/src/commands/git_secret_reveal.sh
@@ -50,10 +50,16 @@ function reveal {
     fi
 
     if [[ "$chmod" == 1 ]]; then
+      local secret_file
+      secret_file=$(_get_encrypted_filename "$path")
       local perms
-      perms=$($SECRETS_OCTAL_PERMS_COMMAND "$filename")
+      perms=$($SECRETS_OCTAL_PERMS_COMMAND "$secret_file")
 
-      chmod $perms "$path"
+      echo "# octal_perms_command: $SECRETS_OCTAL_PERMS_COMMAND" >&3
+      echo "# filename is '$filename', path is '$path'" >&3
+      echo "# running: chmod '$perms' '$path'" >&3
+
+      chmod "$perms" "$path"
     fi
 
     counter=$((counter+1))
diff --git a/tests/test_reveal.bats b/tests/test_reveal.bats
index 2fa633ed..d4882ad6 100644
--- a/tests/test_reveal.bats
+++ b/tests/test_reveal.bats
@@ -59,17 +59,21 @@ function teardown {
   rm "$FILE_TO_HIDE"
 
   local password=$(test_user_password "$TEST_DEFAULT_USER")
+
+  local secret_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
+  chmod o-rwx "$secret_file"
+
   run git secret reveal -c -d "$TEST_GPG_HOMEDIR" -p "$password"
 
   [ "$status" -eq 0 ]
 
   local perm1
   local perm2
-  perm1=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1)
-  perm2=$(ls -l "$FILE_TO_HIDE".secret | cut -d' ' -f1)
-  echo "# perm1: $perm1, perm2: $perm2" >&3
+  secret_perm=$(ls -l "$FILE_TO_HIDE".secret | cut -d' ' -f1)
+  file_perm=$(ls -l "$FILE_TO_HIDE" | cut -d' ' -f1)
+  echo "# secret_perm: $secret_perm, file_perm: $file_perm" >&3
 
-  [ "$perm1" = "$perm2" ]
+  [ "$secret_perm" = "$file_perm" ]
 
   [ -f "$FILE_TO_HIDE" ]
 }