diff --git a/controllerconfig/controllerconfig/scripts/controller_config b/controllerconfig/controllerconfig/scripts/controller_config
index 0853b5520f..01d57376b4 100755
--- a/controllerconfig/controllerconfig/scripts/controller_config
+++ b/controllerconfig/controllerconfig/scripts/controller_config
@@ -32,6 +32,7 @@ DELAY_SEC=70
 CONTROLLER_UPGRADE_STARTED_FILE="$(basename ${CONTROLLER_UPGRADE_STARTED_FLAG})"
 IMA_POLICY=/etc/ima.policy
 PUPPET_CACHE=/etc/puppet/cache
+PUPPET_CACHE_TMP=/etc/puppet/cache.tmp
 ACTIVE_CONTROLLER_NOT_FOUND_FLAG="/var/run/.active_controller_not_found"
 
 fatal_error()
@@ -493,13 +494,26 @@ start()
             fatal_error "Unable to copy .conf files to /etc/postgresql"
         fi
 
-        # Copy the hieradata to cache directory
-        rm -rf ${PUPPET_CACHE}
-        cp -R ${PUPPET_PATH} ${PUPPET_CACHE}
+        # rsync the hieradata to temp cache directory
+        rm -rf ${PUPPET_CACHE_TMP}
+        rsync -a "${PUPPET_PATH}/hieradata" "${PUPPET_CACHE_TMP}"
         if [ $? -ne 0 ]
         then
             umount_platform_dir
-            fatal_error "Failed to copy puppet directory ${PUPPET_PATH} into cache dir ${PUPPET_CACHE}"
+            fatal_error "Failed to rsync puppet hieradata from ${PUPPET_PATH} to temp cache directory ${PUPPET_CACHE_TMP}"
+        fi
+
+        # flush data to persistent storage and rename the temp puppet cache
+        # directory to final cache directory. This is more atomic than straight
+        # copy and minimize the chance to have incomplete or corrupted cached
+        # hieradata.
+        sync
+        rm -rf ${PUPPET_CACHE}
+        mv "${PUPPET_CACHE_TMP}" "${PUPPET_CACHE}"
+        if [ $? -ne 0 ]
+        then
+            umount_platform_dir
+            fatal_error "Failed to rename puppet temp cache directory ${PUPPET_CACHE_TMP} to cache directory ${PUPPET_CACHE}"
         fi
 
         # Copy the staging secured vault