diff --git a/src/cloud-api-adaptor/podvm-mkosi/mkosi.skeleton/usr/lib/systemd/system-preset/30-coco.preset b/src/cloud-api-adaptor/podvm-mkosi/mkosi.skeleton/usr/lib/systemd/system-preset/30-coco.preset
index 21a84f325..99e2edd10 100644
--- a/src/cloud-api-adaptor/podvm-mkosi/mkosi.skeleton/usr/lib/systemd/system-preset/30-coco.preset
+++ b/src/cloud-api-adaptor/podvm-mkosi/mkosi.skeleton/usr/lib/systemd/system-preset/30-coco.preset
@@ -2,7 +2,7 @@ enable attestation-protocol-forwarder.service
 enable attestation-agent.service
 enable api-server-rest.path
 enable confidential-data-hub.path
-enable kata-agent.service
+enable kata-agent.path
 enable netns@.service
 enable process-user-data.service
 enable setup-nat-for-imds.service
diff --git a/src/cloud-api-adaptor/podvm/files/etc/ocicrypt_config.json b/src/cloud-api-adaptor/podvm/files/etc/ocicrypt_config.json
deleted file mode 100644
index ad171bf9d..000000000
--- a/src/cloud-api-adaptor/podvm/files/etc/ocicrypt_config.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "key-providers": {
- "attestation-agent": {
- "ttrpc": "unix:///run/confidential-containers/cdh.sock"
- }
- }
-}
diff --git a/src/cloud-api-adaptor/podvm/files/etc/systemd/system/agent-protocol-forwarder.service b/src/cloud-api-adaptor/podvm/files/etc/systemd/system/agent-protocol-forwarder.service
index 0203244c1..a6109408b 100644
--- a/src/cloud-api-adaptor/podvm/files/etc/systemd/system/agent-protocol-forwarder.service
+++ b/src/cloud-api-adaptor/podvm/files/etc/systemd/system/agent-protocol-forwarder.service
@@ -1,10 +1,8 @@
 [Unit]
 Description=Agent Protocol Forwarder
 After=kata-agent.service
-Wants=kata-agent.service
 DefaultDependencies=no
-
 [Service]
 Type=notify
 EnvironmentFile=-/etc/default/agent-protocol-forwarder
diff --git a/src/cloud-api-adaptor/podvm/files/etc/systemd/system/kata-agent.path b/src/cloud-api-adaptor/podvm/files/etc/systemd/system/kata-agent.path
new file mode 100644
index 000000000..28dce9e4e
--- /dev/null
+++ b/src/cloud-api-adaptor/podvm/files/etc/systemd/system/kata-agent.path
@@ -0,0 +1,9 @@
+[Unit]
+Description=Monitor for the Confidential Data Hub socket
+
+[Path]
+PathExists=/run/confidential-containers/cdh.sock
+Unit=kata-agent.service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/src/cloud-api-adaptor/podvm/files/etc/systemd/system/kata-agent.service b/src/cloud-api-adaptor/podvm/files/etc/systemd/system/kata-agent.service
index 95be6c5f8..1cedaa1a4 100644
--- a/src/cloud-api-adaptor/podvm/files/etc/systemd/system/kata-agent.service
+++ b/src/cloud-api-adaptor/podvm/files/etc/systemd/system/kata-agent.service
@@ -1,11 +1,9 @@
 [Unit]
 Description=Kata Agent
 BindsTo=netns@podns.service
-Wants=process-user-data.service attestation-agent.service
-After=netns@podns.service process-user-data.service attestation-agent.service
+After=netns@podns.service process-user-data.service
 [Service]
-Environment=OCICRYPT_KEYPROVIDER_CONFIG=/etc/ocicrypt_config.json
 ExecStartPre=mkdir -p /run/kata-containers
 ExecStart=/usr/local/bin/kata-agent --config /run/peerpod/agent-config.toml
 ExecStartPre=-umount /sys/fs/cgroup/misc
diff --git a/src/cloud-api-adaptor/podvm/files/etc/systemd/system/multi-user.target.wants/kata-agent.path b/src/cloud-api-adaptor/podvm/files/etc/systemd/system/multi-user.target.wants/kata-agent.path
new file mode 120000
index 000000000..99ae8777f
--- /dev/null
+++ b/src/cloud-api-adaptor/podvm/files/etc/systemd/system/multi-user.target.wants/kata-agent.path
@@ -0,0 +1 @@
+../kata-agent.path
\ No newline at end of file
diff --git a/src/cloud-api-adaptor/podvm/files/etc/systemd/system/multi-user.target.wants/kata-agent.service b/src/cloud-api-adaptor/podvm/files/etc/systemd/system/multi-user.target.wants/kata-agent.service
deleted file mode 120000
index b498ebe4a..000000000
--- a/src/cloud-api-adaptor/podvm/files/etc/systemd/system/multi-user.target.wants/kata-agent.service
+++ /dev/null
@@ -1 +0,0 @@
-../kata-agent.service
\ No newline at end of file
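Review bot: `PathExists=/run/confidential-containers/cdh.sock` in the new kata-agent.path only tests that the socket path is present, so kata-agent.service starts as soon as the file appears, whether or not the Confidential Data Hub is accepting requests yet, and is triggered again each time it stops while the socket is still there. A kata-agent that exits on error will presumably be restarted in a loop until systemd's rate limit trips, and if the socket is never created the agent never starts and nothing reports it. I would document this in the unit with a comment above `[Path]`, e.g. `# Starts kata-agent once CDH has created its socket; the file existing does not prove CDH is serving`, and change `Description=` to name the unit it starts. The agent-protocol-forwarder.service hunk is touched by the same change: it keeps `After=kata-agent.service` but drops `Wants=`, and `After=` alone only delays the forwarder when a start job for kata-agent.service is already queued, so the forwarder can now report ready before the agent runs.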
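Review bot: After the kata-agent.service hunk the unit itself carries no dependency on the attestation components, because the removed `Wants=`/`After=` entries for attestation-agent.service are replaced only by the external path unit. Anything that starts the service directly (`systemctl start`, or another unit's `Wants=`) bypasses the cdh.sock gate, so I would restate it in `[Unit]`, e.g. `ConditionPathExists=/run/confidential-containers/cdh.sock`, with a comment pointing at kata-agent.path. The dropped `Environment=OCICRYPT_KEYPROVIDER_CONFIG=/etc/ocicrypt_config.json` line and the deleted ocicrypt_config.json presumably depend on the kata-containers reference bumped in versions.yaml; a comment next to that reference would keep these units from being paired with an older agent build. The `[Service]` section continues past the end of the hunk.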
diff --git a/src/cloud-api-adaptor/versions.yaml b/src/cloud-api-adaptor/versions.yaml
index 9b349a23d..949deb0a0 100644
--- a/src/cloud-api-adaptor/versions.yaml
+++ b/src/cloud-api-adaptor/versions.yaml
@@ -49,7 +49,7 @@ oci:
 tag: 3.9
 kata-containers:
 registry: ghcr.io/kata-containers/cached-artefacts
- reference: 9a33a3413b222868232402a7412562f4f6fb5736
+ reference: a2b9527be36ce5adb76491a27c7e02780feade6b
 guest-components:
 registry: ghcr.io/confidential-containers/guest-components
 reference: d8da69072424e496486dfb5421a26f16ff2a7abf