diff --git a/src/utils/keymgr/main.c b/src/utils/keymgr/main.c
index ed3b3b58cf8fae6b54fc583662a21822fccd9fe4..c3c8c9de2c6a0a6877f97f3a795d94235b7f02d0 100644
--- a/src/utils/keymgr/main.c
+++ b/src/utils/keymgr/main.c
@@ -16,6 +16,8 @@
 
 #include <stdlib.h>
 #include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
 
 #include "knot/conf/conf.h"
 #include "knot/dnssec/zone-keys.h"
@@ -232,6 +234,22 @@ static bool init_conf_blank(const char *kasp_dir)
 	return true;
 }
 
+static void update_privileges(void)
+{
+	int uid, gid;
+	if (conf_user(conf(), &uid, &gid) != KNOT_EOK) {
+		return;
+	}
+
+	// Just try to alter process privileges if different from configured.
+	if ((gid_t)gid != getgid()) {
+		(void)setregid(gid, gid);
+	}
+	if ((uid_t)uid != getuid()) {
+		(void)setreuid(uid, uid);
+	}
+}
+
 int main(int argc, char *argv[])
 {
 	if (argc <= 1) {
@@ -314,6 +332,8 @@ int main(int argc, char *argv[])
 		}
 	}
 
+	update_privileges();
+
 	int ret = key_command(argc - argpos, argv + argpos);
 
 	conf_free(conf());