diff --git a/nixos/tests/binary-cache.nix b/nixos/tests/binary-cache.nix
index 3877075143af..b045f1a298f1 100644
--- a/nixos/tests/binary-cache.nix
+++ b/nixos/tests/binary-cache.nix
@@ -9,18 +9,37 @@ import ./make-test-python.nix (
       { pkgs, ... }:
       {
         imports = [ ../modules/installer/cd-dvd/channel.nix ];
-        environment.systemPackages = [ pkgs.python3 ];
-        system.extraDependencies = [ pkgs.hello.inputDerivation ];
+        environment.systemPackages = with pkgs; [
+          openssl
+          python3
+        ];
+
+        # We encrypt the binary cache before putting it on the machine so Nix
+        # doesn't bring any references along.
+        environment.etc."binary-cache.tar.gz.encrypted".source =
+          with pkgs;
+          runCommand "binary-cache.tar.gz.encrypted"
+            {
+              allowReferences = [ ];
+              nativeBuildInputs = [ openssl ];
+            }
+            ''
+              tar -czf tmp.tar.gz -C "${mkBinaryCache { rootPaths = [ hello ]; }}" .
+              openssl enc -aes-256-cbc -salt -in tmp.tar.gz -out $out -k mysecretpassword
+            '';
+
         nix.extraOptions = ''
           experimental-features = nix-command
         '';
       };
 
     testScript = ''
-      # Build the cache, then remove it from the store
-      cachePath = machine.succeed("nix-build --no-out-link -E 'with import <nixpkgs> {}; mkBinaryCache { rootPaths = [hello]; }'").strip()
-      machine.succeed("cp -r %s/. /tmp/cache" % cachePath)
-      machine.succeed("nix-store --delete " + cachePath)
+      # Decrypt the cache into /tmp/binary-cache.tar.gz
+      machine.succeed("openssl enc -d -aes-256-cbc -in /etc/binary-cache.tar.gz.encrypted -out /tmp/binary-cache.tar.gz -k mysecretpassword")
+
+      # Untar the cache into /tmp/cache
+      machine.succeed("mkdir /tmp/cache")
+      machine.succeed("tar -C /tmp/cache -xf /tmp/binary-cache.tar.gz")
 
       # Sanity test of cache structure
       status, stdout = machine.execute("ls /tmp/cache")
@@ -42,8 +61,7 @@ import ./make-test-python.nix (
       if not match: raise Exception("Couldn't find hello store path in cache")
       storePath = match[1]
 
-      # Delete the store path
-      machine.succeed("nix-store --delete " + storePath)
+      # Make sure the store path doesn't exist yet
       machine.succeed("[ ! -d %s ] || exit 1" % storePath)
 
       # Should be able to build hello using the cache