diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index cf179c4..97f2619 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -173,27 +173,12 @@ static void fixate_user_ce_key(const std::string& directory_path, const std::str
     auto const current_path = get_ce_key_current_path(directory_path);
     if (to_fix != current_path) {
         LOG(DEBUG) << "Renaming " << to_fix << " to " << current_path;
-        android::base::unique_fd fd(TEMP_FAILURE_RETRY(
-            open(to_fix.c_str(), O_RDONLY | O_CLOEXEC)));
-        if (fd == -1) {
-            PLOG(ERROR) << "Failed to open " << to_fix;
-            return;
-        }
-        if (fsync(fd) == -1) {
-            if (errno == EROFS || errno == EINVAL) {
-                PLOG(WARNING) << "Skip fsync " << to_fix
-                              << " on a file system does not support synchronization";
-            } else {
-                PLOG(ERROR) << "Failed to fsync " << to_fix;
-                unlink(to_fix.c_str());
-                return;
-            }
-        }
         if (rename(to_fix.c_str(), current_path.c_str()) != 0) {
             PLOG(WARNING) << "Unable to rename " << to_fix << " to " << current_path;
             return;
         }
     }
+    android::vold::FsyncDirectory(directory_path);
 }
 
 static bool read_and_fixate_user_ce_key(userid_t user_id,
@@ -588,6 +573,7 @@ bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string&
     std::string ce_key_path;
     if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
     if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, auth, ce_key)) return false;
+    if (!android::vold::FsyncDirectory(directory_path)) return false;
     return true;
 }
 
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 9dd4991..fc700c5 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -484,6 +484,7 @@ bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBu
         if (!encryptWithoutKeymaster(appId, key, &encryptedKey)) return false;
     }
     if (!writeStringToFile(encryptedKey, dir + "/" + kFn_encrypted_key)) return false;
+    if (!FsyncDirectory(dir)) return false;
     return true;
 }
 
diff --git a/Utils.cpp b/Utils.cpp
index a77b1b6..5e12194 100644
--- a/Utils.cpp
+++ b/Utils.cpp
@@ -776,5 +776,23 @@ status_t WaitForFile(const char* filename, std::chrono::nanoseconds timeout) {
     return -1;
 }
 
+bool FsyncDirectory(const std::string& dirname) {
+    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(dirname.c_str(), O_RDONLY | O_CLOEXEC)));
+    if (fd == -1) {
+        PLOG(ERROR) << "Failed to open " << dirname;
+        return false;
+    }
+    if (fsync(fd) == -1) {
+        if (errno == EROFS || errno == EINVAL) {
+            PLOG(WARNING) << "Skip fsync " << dirname
+                          << " on a file system does not support synchronization";
+        } else {
+            PLOG(ERROR) << "Failed to fsync " << dirname;
+            return false;
+        }
+    }
+    return true;
+}
+
 }  // namespace vold
 }  // namespace android
diff --git a/Utils.h b/Utils.h
index 7976302..0b35a7b 100644
--- a/Utils.h
+++ b/Utils.h
@@ -131,6 +131,8 @@ status_t UnmountTree(const std::string& prefix);
 
 status_t WaitForFile(const char* filename, std::chrono::nanoseconds timeout);
 
+bool FsyncDirectory(const std::string& dirname);
+
 }  // namespace vold
 }  // namespace android