diff --git a/configs/gen_metadata.sh b/configs/gen_metadata.sh
index b6ae7d8f..38302bda 100755
--- a/configs/gen_metadata.sh
+++ b/configs/gen_metadata.sh
@@ -26,7 +26,11 @@ then
 # Expect a previous ISO to update:
 # Keep: DM_CRYPT, DHPARAMs and SYNCHRO_SSH_KEY
- isoinfo -i "$1" -X -find -iname "USER_DAT*" || 7z x "$1"
+ P=$(pwd)
+ D=$(mktemp -d)
+ pushd "${D}" > /dev/null
+
+ isoinfo -i "${P}/$1" -X -find -iname "USER_DAT*" > /dev/null || 7z x "$1" > /dev/null
 FNAME="USER_DAT.;1"
 if ! [ -f "$FNAME" ] && [ -f user-data ]
@@ -38,6 +42,9 @@ then
 export DHPARAM=$(jq -r '."tls_config".entries."dhparams-4096.pem".content' "${FNAME}" | escape_newline)
 export SYNCRO_PRIVATE_KEY=$(jq -r '.synchro.entries.id_ed25519.content' "${FNAME}" | escape_newline)
 export SYNCRO_PUBLIC_KEY=$(jq -r '.synchro.entries."id_ed25519.pub".content' "${FNAME}" | escape_newline)
+
+ popd > /dev/null
+ rm -rf "${D}"
 fi
 which vault > /dev/null 2> /dev/null || { echo "Please install vault" >&2; exit 1; }
@@ -50,7 +57,7 @@ OUTPUT_PATH="${OUTPUT_PATH:-"$(mktemp -d)"}"
 command -v vault &> /dev/null || (echo "vault could not be found" && exit)
 vault login -method=oidc -no-print 2> /dev/null
-[ -z "${DM_CRYPT}" ] && export DM_CRYPT="$(tr -d -c "a-zA-Z0-9" < /dev/urandom | fold -w512 | head -n 1)"
+[ -z "${DM_CRYPT}" ] && echo "/!\\ GENERATE NEW DM_CRYPT SECRETS" && export DM_CRYPT="$(tr -d -c "a-zA-Z0-9" < /dev/urandom | fold -w512 | head -n 1)"
 export CERT_PEM="$(vault kv get --field=cert.pem fic/cert/${DOMAIN_NAME} | escape_newline)"
 export CHAIN_PEM="$(vault kv get --field=chain.pem fic/cert/${DOMAIN_NAME} | escape_newline)"
 export FULLCHAIN_PEM="$(vault kv get --field=fullchain.pem fic/cert/${DOMAIN_NAME} | escape_newline)"
@@ -76,7 +83,7 @@ then
 fi
 export DHPARAM="$(cat "$DHPARAM_PATH" | escape_newline)"
-export AUTHORIZED_KEYS="$(cat authorized_keys | escape_newline)"
+export AUTHORIZED_KEYS="$(cat "$(dirname $0)/authorized_keys" | escape_newline)"
 TEMPLATE=' {
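Review bot: In the `@@ -26,7 +26,11 @@` hunk, the two extraction commands resolve `$1` differently once `pushd "${D}"` has run: `isoinfo -i "${P}/$1"` only finds the image when `$1` is relative, while the fallback `7z x "$1"` only finds it when `$1` is absolute, because it now executes inside the temporary directory. Resolve the argument once before changing directory, for example `ISO=$(realpath -- "$1")`, and pass `"$ISO"` to both commands. Neither `mktemp -d` nor `pushd` is checked, so if either fails the image is unpacked into the caller's working directory instead; `D=$(mktemp -d) || exit 1` and `pushd "${D}" > /dev/null || exit 1` would stop there. The enclosing `if` block starts outside the hunk.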
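Review bot: In the `@@ -38,6 +42,9 @@` hunk, `rm -rf "${D}"` is reached only when the block runs to its end, so an interrupt or any abort between `pushd` and this line leaves the unpacked user-data file on disk, and the `jq` lines just above show that it carries the synchro private key. Register the cleanup right after the directory is created, `trap 'rm -rf -- "${D:?}"' EXIT`, so every exit path removes it; the explicit `rm -rf` can stay for the normal path. The `export VAR=$(jq …)` form also hides a failing `jq`, so a malformed file yields empty or `null` values without any error; that part predates this commit.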
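Review bot: In the `@@ -50,7 +57,7 @@` hunk, the new warning goes to stdout, whereas the script's other diagnostic (`echo "Please install vault" >&2`) goes to stderr; if a caller captures or discards stdout, the notice that a fresh DM_CRYPT secret was generated is lost or mixed into the output. Send it to stderr: `echo "/!\\ GENERATE NEW DM_CRYPT SECRETS" >&2`. Putting the `echo` in the `&&` chain ahead of `export` also makes key generation depend on the `echo` succeeding; an `if [ -z "${DM_CRYPT}" ]; then …; fi` block removes that coupling.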
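Review bot: In the `@@ -76,7 +83,7 @@` hunk, `$(dirname $0)` is unquoted, so the lookup breaks when the script's path contains whitespace or glob characters; write `"$(dirname -- "$0")/authorized_keys"`. Because the command substitution sits inside `export`, a missing or unreadable file goes undetected and `AUTHORIZED_KEYS` is exported empty, which presumably ends up in the generated metadata. A guard before this line, `[ -r "$(dirname -- "$0")/authorized_keys" ] || { echo "authorized_keys not found" >&2; exit 1; }`, would make that failure explicit.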