diff --git a/iam_builder/iam_builder.py b/iam_builder/iam_builder.py
index 485806b..0891d10 100644
--- a/iam_builder/iam_builder.py
+++ b/iam_builder/iam_builder.py
@@ -96,7 +96,7 @@ def build_iam_policy(config: dict) -> dict: # noqa: C901
 # Deal with read only access
 if "read_only" in config["secretsmanager"]:
 secretsmanager_read_only = get_secretsmanager_read_only_policy(
- config["secretsmanager"]
+ config["secretsmanager"]["read_only"]
 )
 iam["Statement"].append(secretsmanager_read_only)
 else:
diff --git a/tests/test_config/secretsmanager_read_only.yaml b/tests/test_config/secretsmanager_read_only.yaml
index 7d8c6da..19a4462 100644
--- a/tests/test_config/secretsmanager_read_only.yaml
+++ b/tests/test_config/secretsmanager_read_only.yaml
@@ -1,3 +1,5 @@
 iam_role_name: an_iam_role_name
-secretsmanager: read_only
+secretsmanager:
+ read_only:
+ - test/test_secret
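Review bot: The guard `"read_only" in config["secretsmanager"]` in the first hunk is also true for the legacy scalar form `secretsmanager: read_only` (a substring match on a string), so with the new subscript `config["secretsmanager"]["read_only"]` an old-style config now fails with a bare `TypeError` rather than a clear message. Because this value ends up scoping an IAM statement, it would be safer to validate the shape before use, e.g. `if not isinstance(config["secretsmanager"], dict): raise ValueError("secretsmanager must be a mapping")` ahead of the `if`, and to reject a `read_only` that is not a non-empty list of strings; how `get_secretsmanager_read_only_policy` treats an empty or string value is not visible here. The updated fixture only covers the list form, so a test for the legacy and empty cases would pin this down. `build_iam_policy` starts and ends outside the hunk.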