diff --git a/.gitignore b/.gitignore
index 7d35ad1..d9e60dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,5 +5,6 @@
 /test_server.pub
 /cmd/server/configs/allowlists/*.json
+!/cmd/server/configs/allowlists/local.json
 !/cmd/server/configs/allowlists/*.enc.json
 !/cmd/server/configs/allowlists/example.json
diff --git a/.sops.yaml b/.sops.yaml
index b2f218e..f5e4ebb 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,5 @@
 # creation rules are evaluated sequentially, the first match wins
 creation_rules:
- - path_regex: cmd/server/configs/allowlists/local\.enc\.json$
- azure_keyvault: https://rmicredsrvlocalsops.vault.azure.net/keys/sops/8c544f0ae62b4d5a9b1c7ef755345f22
 - path_regex: cmd/server/configs/allowlists/dev\.enc\.json$
 azure_keyvault: https://rmicredsrvdevsops.vault.azure.net/keys/sops/2e4989d46cb24ccb96c8ce98e9104fe5
diff --git a/README.md b/README.md
index 9fb7011..836ad02 100644
--- a/README.md
+++ b/README.md
@@ -17,8 +17,6 @@ Things to note:
 ## Running the Credential Service
-Before running the service locally, make sure you have [`sops`](https://github.com/getsops/sops) installed, and are logged into Azure with credentials that can access the relevant keys. See the `.sops.yaml` for more info.
-
 Run the server against an Azure AD B2C instance:
 ```bash
diff --git a/cmd/server/configs/allowlists/local.enc.json b/cmd/server/configs/allowlists/local.enc.json
deleted file mode 100644
index 3f541d3..0000000
--- a/cmd/server/configs/allowlists/local.enc.json
+++ /dev/null
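Review bot: The `!/cmd/server/configs/allowlists/example.json` negation on the last context line is left dangling, because this same commit renames example.json to local.json, so the pattern now matches nothing; dropping that line keeps the ignore rules honest about which allowlist files are meant to be tracked. The new `!/cmd/server/configs/allowlists/local.json` is correctly placed after the `*.json` ignore, since gitignore lets the last matching pattern win. With local.json now a tracked plaintext file rather than something decrypted at run time, any local edits to it will show up in `git status` and can be committed by accident, so a comment above the pattern such as `# local.json is committed on purpose; keep only example entries in it` would make the intent visible to the next person who edits it for testing.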
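Review bot: Removing the local creation rule leaves the `rmicredsrvlocalsops` vault key (`sops`, version `8c544f0ae62b4d5a9b1c7ef755345f22`) unreferenced by anything in the repository, since the encrypted file it protected is deleted in this commit as well. That is consistent, but it is worth recording whether the key is being retired or kept so the old `local.enc.json` in git history, which stays encrypted under it, remains readable. A one-line note in the commit message or in the comment at the top of this file (`# the former local rule was dropped; its key is no longer used by this repo`) would save the next person from hunting for where that key is still needed.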
@@ -1,37 +0,0 @@ -{ - "format": "ENC[AES256_GCM,data:8As=,iv:7qOQHvaWw7X7vVoda3mD+T1+EgceABeEqKyLyQ7dPZY=,tag:JxYpiTUjFRvkLTo3Jv3nAQ==,type:str]", - "allowlist": [ - { - "domain": "ENC[AES256_GCM,data:gyLWCyQCpA39X5lNnhJA,iv:3uDN8IK1KCebmQoSqBtZJ/C2ISx6/oFA6z4VwCKjq4s=,tag:UkK/fHPkOo2XURuFylL21w==,type:str]" - }, - { - "domain": "ENC[AES256_GCM,data:CgTDWaRi8g==,iv:m3CxDdiPvUgipbt99slSo0X3SBPk3j85gYiYs+DYS+I=,tag:DgAC6WB0Xy2BTH4fMoT8Bg==,type:str]" - }, - { - "domain": "ENC[AES256_GCM,data:ntaKa04sDnpL2g==,iv:+i13RpV3HhMi72uQtH3q4zKBVpwgXwlVVvKiPWZnl/c=,tag:C4useGjIUS8Raf4H9n68GQ==,type:str]", - "sites": [ - "ENC[AES256_GCM,data:3Gn/Cl0=,iv:0Skki3NGNg97sxMpdJUhP/N33DosGfIb5EiUu2jqwow=,tag:3V0WhDJo5MyqukP7yAPS1g==,type:str]" - ] - } - ], - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": [ - { - "vault_url": "https://rmicredsrvlocalsops.vault.azure.net", - "name": "sops", - "version": "8c544f0ae62b4d5a9b1c7ef755345f22", - "created_at": "2024-07-09T23:36:00Z", - "enc": "d5iHI1RFchiNyvaSNwV7NPeT8-CEFMErX2lRsDdWwoesMInRLzxQ0QU9Y7YH3YtzT-KG5ZE6QyoU2wEOyUr4OOd_rypMCZFYByHuh7Se_yvfXsRju_Swwy2Qe7dYa2pZhFRFaHMOkxv_Zj9qsTP7_UZhhOEIOdHFS7u_1sEmUgcdhycYSt1BomvrRqm-4xG506Hl08lCWJkR8JbvIjkAM3HXICtSwkjyRy3oBCJ5wLw_loCJoZaAaLIV2SEOFD7tw-Hsi_Ocu9J1VcLheXzaJuH0mmLGMkZpYkUR6OovDm59mgCoBaYLxsjIeC2cCmt5IWe6qQ9i05Brnbdqzs2n0g" - } - ], - "hc_vault": null, - "age": null, - "lastmodified": "2024-07-09T23:36:02Z", - "mac": "ENC[AES256_GCM,data:7c+OuHsG6EWmlzq0ybfKcTNxOnTZI1OVvjWvu5laIYUBDcqrZKAF0qvLnyJZ7ms8eUjP1f4kVmd52IEcBg8Hpldwi7oDQks9KyC75zYWFoVOTSnoneyCbyYBz0F3OnaSHum7cxbpHDNFc1IJlPggfyufcG1uW9rfLr6f2lDxvpc=,iv:+i7V/r3+A5l2hwqlsAzj/eHCV8DdaYD9EPqLauXZI18=,tag:kB6b0b0AdwbtTGdxoRYqlQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file 
diff --git a/cmd/server/configs/allowlists/example.json b/cmd/server/configs/allowlists/local.json
similarity index 100%
rename from cmd/server/configs/allowlists/example.json
rename to cmd/server/configs/allowlists/local.json
diff --git a/cmd/server/configs/local.conf b/cmd/server/configs/local.conf
index d299a23..806da52 100644
--- a/cmd/server/configs/local.conf
+++ b/cmd/server/configs/local.conf
@@ -1,6 +1,6 @@
 env local
 allowed_cors_origins http://localhost:3000
-# allowlist_file is added by our /scripts/run_server.sh script
+allowlist_file cmd/server/configs/allowlists/local.json
 use_local_jwts true
 enable_credential_test_api true
diff --git a/scripts/run_server.sh b/scripts/run_server.sh
index 2360c60..947b0eb 100755
--- a/scripts/run_server.sh
+++ b/scripts/run_server.sh
@@ -23,26 +23,10 @@ OPTS=$(getopt \
 -- "$@"
 )
-if ! [ -x "$(command -v sops)" ]; then
- echo 'Error: sops is not installed.' >&2
- exit 1
-fi
-
-TMP_CONFIG_DIR="$(mktemp -d -t credsrv-local-XXXXXXXXX)"
-function cleanup {
- rm -rf "$TMP_CONFIG_DIR"
-}
-trap cleanup EXIT
-TMP_ALLOWLIST_FILE="${TMP_CONFIG_DIR}/local.json"
-TMP_CONFIG_FILE="${TMP_CONFIG_DIR}/local.conf"
-sops -d "$ROOT/cmd/server/configs/allowlists/local.enc.json" > "$TMP_ALLOWLIST_FILE"
-cp "$ROOT/cmd/server/configs/local.conf" "$TMP_CONFIG_FILE"
-printf "\nallowlist_file %s\n" "$TMP_ALLOWLIST_FILE" >> "$TMP_CONFIG_FILE"
-
 eval set --$OPTS
 declare -a FLAGS=(
- "--config=$TMP_CONFIG_FILE"
+ "--config=cmd/server/configs/local.conf"
 )
 while [ ! $# -eq 0 ]
 do
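Review bot: The new `allowlist_file cmd/server/configs/allowlists/local.json` is a path relative to the server process's working directory, whereas the previous flow handed the server an absolute temporary path, so the allowlist will only be found when the server is started from the repository root; the `--config=cmd/server/configs/local.conf` line in the scripts/run_server.sh hunk has the same problem, having dropped the `$ROOT` prefix that the removed `sops -d` and `cp` lines used. Unless run_server.sh changes directory to `$ROOT` before this point (the start of the script is outside the hunk), it should keep resolving its own paths against `$ROOT`: `"--config=$ROOT/cmd/server/configs/local.conf"`. The `allowlist_file` entry in local.conf cannot use `$ROOT`, so it deserves a comment next to it such as `# relative to the repo root; start the server from there (scripts/run_server.sh does)`, unless the server already resolves it relative to the config file's own directory, which this diff does not show.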