diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index 200b126faa..099e7211e6 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -26,6 +26,7 @@ CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_N
 DeviceAllow=char-* rw
 ExecStart=!!{{LIBEXECDIR}}/systemd-networkd
 FileDescriptorStoreMax=512
+ImportCredential=network.wireguard.*
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
@@ -50,7 +51,6 @@ SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify-reload
 User=systemd-network
-ImportCredential=network.wireguard.*
 {{SERVICE_WATCHDOG}}
 
 [Install]