diff --git a/salt/reactor/telegraf_user_sync.sls b/salt/reactor/telegraf_user_sync.sls
index abf35d3b2..ec0aec336 100644
--- a/salt/reactor/telegraf_user_sync.sls
+++ b/salt/reactor/telegraf_user_sync.sls
@@ -3,8 +3,8 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{# Fires on salt/auth. Only act on accepted keys — ignore pending/reject. #}
-{% if data.get('act') == 'accept' and data.get('id') %}
+{# Fires on salt/key. Only act on successful key acceptance — not reauth. #}
+{% if data.get('act') == 'accept' and data.get('result') == True and data.get('id') %}
 
 {{ data['id'] }}_telegraf_pg_sync:
   runner.state.orchestrate:
diff --git a/salt/salt/master.sls b/salt/salt/master.sls
index 7e3e48074..e61b09d21 100644
--- a/salt/salt/master.sls
+++ b/salt/salt/master.sls
@@ -67,7 +67,7 @@ reactor_config_telegraf:
     - name: /etc/salt/master.d/reactor_telegraf.conf
     - contents: |
         reactor:
-          - 'salt/auth':
+          - 'salt/key':
             - /opt/so/saltstack/default/salt/reactor/telegraf_user_sync.sls
     - user: root
     - group: root