diff --git a/backup.sh b/backup.sh
index 45c5b63..53acf3f 100755
--- a/backup.sh
+++ b/backup.sh
@@ -6,13 +6,16 @@ set -o nounset
 set -o errexit
 set -o xtrace
 
+export GNUPGHOME=./gpghome
+
 bucket="${1}" ; shift
 name="${1}" ; shift
 backup_source="${1}" ; shift
 
+install --directory --owner $(id -u) --group $(id -g) --mode 700 "${GNUPGHOME}"
+
 cleanup() {
-    rm -f ./keyring.tmp
-    rm -f ./keyring.tmp~
+    rm -rf "${GNUPGHOME}"
 }
 
 trap cleanup EXIT
@@ -20,9 +23,9 @@ trap cleanup EXIT
 tmpgpg() {
     gpg \
         --batch \
-        --keyring ./keyring.tmp \
         --no-default-keyring \
         --no-options \
+        --trust-model always \
         "${@}"
 }
 
@@ -38,7 +41,8 @@ tar \
         --output - \
         --encrypt \
         --recipient 0x078A167A8741BD30 \
-    | aws s3 cp \
+    | aws \
+        s3 cp \
         --storage-class=DEEP_ARCHIVE \
         - \
         "s3://${bucket}/${name}-$(date --utc -Iseconds).tar.xz.gpg"