diff --git a/vault/sentinel/business_hours.sentinel b/vault/sentinel/business_hours.sentinel
index 1ac93ff2..45809c18 100644
--- a/vault/sentinel/business_hours.sentinel
+++ b/vault/sentinel/business_hours.sentinel
@@ -11,6 +11,11 @@ workhours = rule {
     time.now.hour > 7 and time.now.hour < 18
 }
 
-main = rule {
+precond = rule {
+    request.operation in ["read"] and
+    strings.has_prefix(request.path, "secret/")
+}
+
+main = rule when precond {
     workdays and workhours
 }