diff --git a/pkg/common/salt-common.logrotate b/pkg/common/salt-common.logrotate
index 1248599390a..1bc063ebfdb 100644
--- a/pkg/common/salt-common.logrotate
+++ b/pkg/common/salt-common.logrotate
@@ -21,6 +21,7 @@
 	rotate 7
 	compress
 	notifempty
+	create 0640 salt salt
 }
 
 /var/log/salt/api {
diff --git a/pkg/debian/salt-master.postinst b/pkg/debian/salt-master.postinst
index 45312283a05..bc4c825a872 100644
--- a/pkg/debian/salt-master.postinst
+++ b/pkg/debian/salt-master.postinst
@@ -4,7 +4,11 @@ case "$1" in
       touch /var/log/salt/master
       chmod 640 /var/log/salt/master
     fi
-    chown -R salt:salt /etc/salt/pki/master /etc/salt/master.d /etc/salt/minion.d /var/log/salt/master /var/cache/salt/master /var/run/salt/master
+    if [ ! -e "/var/log/salt/key" ]; then
+      touch /var/log/salt/key
+      chmod 640 /var/log/salt/key
+    fi
+    chown -R salt:salt /etc/salt/pki/master /etc/salt/master.d /etc/salt/minion.d /var/log/salt/master /var/log/salt/key /var/cache/salt/master /var/run/salt/master
     if command -v systemctl; then systemctl enable salt-master; fi
   ;;
 esac
diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec
index f92f86523e6..18cba6a48e4 100644
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@@ -490,7 +490,11 @@ if [ ! -e "/var/log/salt/master" ]; then
   touch /var/log/salt/master
   chmod 640 /var/log/salt/master
 fi
-chown -R %{_SALT_USER}:%{_SALT_GROUP} /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master /var/cache/salt/master /var/run/salt/master
+if [ ! -e "/var/log/salt/key" ]; then
+  touch /var/log/salt/key
+  chmod 640 /var/log/salt/key
+fi
+chown -R %{_SALT_USER}:%{_SALT_GROUP} /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master /var/log/salt/key /var/cache/salt/master /var/run/salt/master
 
 
 %posttrans api