diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml
index c7128de1e6..8edc494104 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml
@@ -1329,8 +1329,8 @@ spec:
           - >-
             curl -L
             https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v\$(AVP_VERSION)/argocd-vault-plugin_\$(AVP_VERSION)_linux_amd64
-            -o argocd-vault-plugin && chmod +x argocd-vault-plugin && mv
-            argocd-vault-plugin /custom-tools/
+            -o /tmp/argocd-vault-plugin && chmod +x /tmp/argocd-vault-plugin && mv
+            /tmp/argocd-vault-plugin /tmp/custom-tools/
         command:
           - sh
           - '-c'
@@ -1340,10 +1340,12 @@ spec:
         image: registry.access.redhat.com/ubi8
         name: download-tools
         securityContext:
-          allowPrivilegeEscalation: true
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          runAsUser: 999
         resources: {}
         volumeMounts:
-          - mountPath: /custom-tools
+          - mountPath: /tmp/custom-tools
             name: custom-tools
     mountsatoken: true
     resources: