diff --git a/scripts/run_agent.sh b/scripts/run_agent.sh
index dda990d9..628b422b 100755
--- a/scripts/run_agent.sh
+++ b/scripts/run_agent.sh
@@ -19,8 +19,8 @@ ls -l /mnt/
 DHCLIENT_LEASE_FILE=/var/lib/NetworkManager/dhclient-eth0.lease
 docker run --rm -it --network=host -v /mnt/:/mnt \
     --mount type=bind,source=/etc/ssh,target=/etc/ssh,readonly \
-    --mount type=bind,source=/etc/os-release,target=/etc/os-release \
-    --mount type=bind,source=${DHCLIENT_LEASE_FILE},target=/var/lib/dhclient/dhclient.leases \
+    --mount type=bind,source=/etc/os-release,target=/etc/os-release,readonly \
+    --mount type=bind,source=${DHCLIENT_LEASE_FILE},target=/var/lib/dhclient/dhclient.leases,readonly \
     ${DOCKER_SZTP_IMAGE} \
     /opi-sztp-agent daemon \
     --bootstrap-trust-anchor-cert /mnt/opi.pem \
diff --git a/sztp-agent/pkg/secureagent/utils.go b/sztp-agent/pkg/secureagent/utils.go
index edec9252..d2b3b83b 100644
--- a/sztp-agent/pkg/secureagent/utils.go
+++ b/sztp-agent/pkg/secureagent/utils.go
@@ -173,6 +173,7 @@ func readSSHHostKeyPublicFiles(pattern string) []publicKey {
 	for _, f := range files {
 		// nolint:gosec
 		data, _ := os.ReadFile(f)
+		// TODO: consider switching to https://pkg.go.dev/golang.org/x/crypto/ssh#ParseAuthorizedKey
 		parts := strings.Fields(string(data))
 		// [type-name] [base64-encoded-ssh-public-key] [comment]
 		if len(parts) < 2 {