diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs
index 7f43b59d0..13c48f410 100644
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@@ -22,7 +22,7 @@ use anyhow::{anyhow, bail, Context, Result};
 use base64::Engine;
 use cfg_if::cfg_if;
 use clap::{AppSettings, Parser};
-use const_format::{concatcp, formatcp};
+use const_format::concatcp;
 use initdata::{InitdataReturnValue, AA_CONFIG_PATH, CDH_CONFIG_PATH};
 use nix::fcntl::OFlag;
 use nix::sys::reboot::{reboot, RebootMode};
@@ -107,19 +107,9 @@ const CDH_SOCKET_URI: &str = concatcp!(UNIX_SOCKET_PREFIX, CDH_SOCKET);
 const API_SERVER_PATH: &str = "/usr/local/bin/api-server-rest";
-/// Path of ocicrypt config file. This is used by image-rs when decrypting image.
-const OCICRYPT_CONFIG_PATH: &str = "/run/confidential-containers/ocicrypt_config.json";
-
-const OCICRYPT_CONFIG: &str = formatcp!(
- r#"{{
- "key-providers": {{
- "attestation-agent": {{
- "ttrpc": "{}"
- }}
- }}
-}}"#,
- CDH_SOCKET_URI
-);
+/// Path of ocicrypt config file. This is used by CDH when decrypting image.
+/// TODO: remove this when we move the launch of CDH out of the kata-agent.
+const OCICRYPT_CONFIG_PATH: &str = "/etc/ocicrypt_config.json";
 const DEFAULT_LAUNCH_PROCESS_TIMEOUT: i32 = 6;
diff --git a/tools/packaging/static-build/coco-guest-components/build-static-coco-guest-components.sh b/tools/packaging/static-build/coco-guest-components/build-static-coco-guest-components.sh
index 669773a5b..6eaf925ee 100755
--- a/tools/packaging/static-build/coco-guest-components/build-static-coco-guest-components.sh
+++ b/tools/packaging/static-build/coco-guest-components/build-static-coco-guest-components.sh
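Review bot: The new doc comment on `OCICRYPT_CONFIG_PATH` does not say that the key-provider endpoint now comes from a file in the guest image instead of being derived from `CDH_SOCKET_URI`. The removed `OCICRYPT_CONFIG` built its `ttrpc` value with `formatcp!`, so it could not drift from the socket constant; with the JSON shipped from the guest-components tree, a mismatch would send key-unwrap requests to a different socket or make image decryption fail. I would add `/// Installed at image build time; its "ttrpc" endpoint must equal CDH_SOCKET_URI.` to the comment. The code that consumes this constant is outside the hunk; if it used to write the file itself, it presumably now needs to fail with a clear error when `/etc/ocicrypt_config.json` is absent.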
@@ -35,6 +35,7 @@ build_coco_guest_components_from_source() {
 DESTDIR="${DESTDIR}/usr/local/bin" TEE_PLATFORM=${TEE_PLATFORM} make install
 install -D -m0755 "confidential-data-hub/hub/src/storage/scripts/luks-encrypt-storage" "${DESTDIR}/usr/local/bin/luks-encrypt-storage"
+ install -D -m0644 "confidential-data-hub/hub/src/image/ocicrypt_config.json" "${DESTDIR}/etc/ocicrypt_config.json"
 popd
 }
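Review bot: The destination `${DESTDIR}/etc/ocicrypt_config.json` on the added `install` line duplicates the agent's `OCICRYPT_CONFIG_PATH` with nothing linking the two, so a later change to either side would leave CDH without a key-provider config. I would put a comment above the line, `# Must match OCICRYPT_CONFIG_PATH in src/agent/src/main.rs`. The function starts before the hunk, so it is not visible whether the script aborts on a failed `install` (for example under `set -o errexit`). If it does not, a guest-components checkout that lacks `confidential-data-hub/hub/src/image/ocicrypt_config.json` would yield an image without the file, and the problem would only surface inside the guest.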