diff --git a/pkg/beholder/auth.go b/pkg/beholder/auth.go
index c051f49f9..b4ecb319e 100644
--- a/pkg/beholder/auth.go
+++ b/pkg/beholder/auth.go
@@ -99,7 +99,6 @@ func (a *authHeaderPerRPCCredentials) refresh() (map[string]string, error) {
 // getHeaders returns the auth headers, refreshing them if they are expired
 func (a *authHeaderPerRPCCredentials) getHeaders() (map[string]string, error) {
 	if time.Since(a.lastUpdated) > a.headerTTL {
-
 		a.mu.Lock()
 		defer a.mu.Unlock()
 
@@ -156,7 +155,6 @@ func BuildAuthHeadersV2(privKey ed25519.PrivateKey, config *AuthHeaderConfig) ma
 	}
 
 	pubKey := privKey.Public().(ed25519.PublicKey)
-
 	timestampUnixMsBytes := make([]byte, 8)
 	binary.BigEndian.PutUint64(timestampUnixMsBytes, uint64(config.timestamp))
 
diff --git a/pkg/beholder/auth_test.go b/pkg/beholder/auth_test.go
index 06ae679d4..fefb7dc49 100644
--- a/pkg/beholder/auth_test.go
+++ b/pkg/beholder/auth_test.go
@@ -155,7 +155,6 @@ func TestNewAuthHeaderProvider(t *testing.T) {
 	})
 
 	t.Run("custom config", func(t *testing.T) {
-
 		provider := AuthHeaderProviderConfig{
 			HeaderTTL:                2 * time.Minute,
 			RequireTransportSecurity: true,
@@ -182,13 +181,14 @@ func TestAuthHeaderPerRPCCredentials_Refresh(t *testing.T) {
 
 	t.Run("version 1", func(t *testing.T) {
 		creds := &authHeaderPerRPCCredentials{
-			privKey: csaPrivKey,
 			version: authHeaderVersion1,
 			refreshFunc: func() (map[string]string, error) {
 				return BuildAuthHeaders(csaPrivKey), nil
 			},
 		}
-		creds.refresh()
+
+		_, err := creds.refresh()
+		require.NoError(t, err)
 
 		headers, err := creds.getHeaders()
 		require.NoError(t, err)
@@ -202,13 +202,13 @@ func TestAuthHeaderPerRPCCredentials_Refresh(t *testing.T) {
 
 	t.Run("version 2", func(t *testing.T) {
 		creds := &authHeaderPerRPCCredentials{
-			privKey: csaPrivKey,
 			version: authHeaderVersion2,
 			refreshFunc: func() (map[string]string, error) {
 				return BuildAuthHeadersV2(csaPrivKey, nil), nil
 			},
 		}
-		creds.refresh()
+		_, err := creds.refresh()
+		require.NoError(t, err)
 
 		headers, err := creds.getHeaders()
 		require.NoError(t, err)
@@ -222,14 +222,15 @@ func TestAuthHeaderPerRPCCredentials_Refresh(t *testing.T) {
 
 	t.Run("refresh after TTL", func(t *testing.T) {
 		creds := &authHeaderPerRPCCredentials{
-			privKey:   csaPrivKey,
 			headerTTL: 1 * time.Millisecond,
 			version:   authHeaderVersion2,
 			refreshFunc: func() (map[string]string, error) {
 				return BuildAuthHeadersV2(csaPrivKey, nil), nil
 			},
 		}
-		creds.refresh()
+
+		_, err := creds.refresh()
+		require.NoError(t, err)
 
 		headers1, err := creds.getHeaders()
 		require.NoError(t, err)