diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index c578ab62..021fe9fb 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -30,9 +30,9 @@ type secret struct {
 	Key          string     `json:"key"`
 	Path         string     `json:"path"`
 	Owner        string     `json:"owner"`
-	UID          int        `json:"uid"`
+	UID          *int       `json:"uid,omitempty"`
 	Group        string     `json:"group"`
-	GID          int        `json:"gid"`
+	GID          *int       `json:"gid,omitempty"`
 	SopsFile     string     `json:"sopsFile"`
 	Format       FormatType `json:"format"`
 	Mode         string     `json:"mode"`
@@ -478,8 +478,8 @@ func (app *appContext) validateSecret(secret *secret) error {
 	} else if app.checkMode == Off || app.ignorePasswd {
 		// we only access to the user/group during deployment
 
-		if secret.Owner == "" && secret.UID >= 0 {
-			secret.owner = secret.UID
+		if secret.UID != nil {
+			secret.owner = *secret.UID
 		} else {
 			owner, err := user.Lookup(secret.Owner)
 			if err != nil {
@@ -492,8 +492,8 @@ func (app *appContext) validateSecret(secret *secret) error {
 			secret.owner = int(uid)
 		}
 
-		if secret.Group == "" && secret.GID >= 0 {
-			secret.group = secret.GID
+		if secret.GID != nil {
+			secret.group = *secret.GID
 		} else {
 			group, err := user.LookupGroup(secret.Group)
 			if err != nil {