diff --git a/src/CryptoAgent/CryptoAgentSettings.cs b/src/CryptoAgent/CryptoAgentSettings.cs
index d202fa5..2096d6d 100644
--- a/src/CryptoAgent/CryptoAgentSettings.cs
+++ b/src/CryptoAgent/CryptoAgentSettings.cs
@@ -8,17 +8,18 @@ public class CertificateSettings
 {
- // Filesystem
+ public string Provider { get; set; }
+ // filesystem
 public string FilesystemPath { get; set; }
 public string FilesystemPassword { get; set; }
- // Local store
+ // store
 public string StoreThumbprint { get; set; }
- // Azure blob storage
+ // azurestorage
 public string AzureStorageConnectionString { get; set; }
 public string AzureStorageContainer { get; set; }
 public string AzureStorageFileName { get; set; }
 public string AzureStorageFilePassword { get; set; }
- // Azure key vault
+ // azurekv
 public string AzureKeyvaultUri { get; set; }
 public string AzureKeyvaultCertificateName { get; set; }
 public string AzureKeyvaultAdTenantId { get; set; }
@@ -28,26 +29,25 @@ public class RsaKeySettings
 {
- // Local certificate provider
 public string Provider { get; set; }
- // Azure key vault
+ // azurekv
 public string AzureKeyvaultUri { get; set; }
 public string AzureKeyvaultKeyName { get; set; }
 public string AzureKeyvaultAdTenantId { get; set; }
 public string AzureKeyvaultAdAppId { get; set; }
 public string AzureKeyvaultAdSecret { get; set; }
- // Google Cloud KMS
+ // gcpkms
 public string GoogleCloudProjectId { get; set; }
 public string GoogleCloudLocationId { get; set; }
 public string GoogleCloudKeyringId { get; set; }
 public string GoogleCloudKeyId { get; set; }
 public string GoogleCloudKeyVersionId { get; set; }
- // AWS KMS
+ // awskms
 public string AwsAccessKeyId { get; set; }
 public string AwsAccessKeySecret { get; set; }
 public string AwsRegion { get; set; }
 public string AwsKeyId { get; set; }
- // Hashicorp Vault...
+ // vault...
 // Other HSMs...
 }
diff --git a/src/CryptoAgent/Startup.cs b/src/CryptoAgent/Startup.cs
index 84c28cd..e1ffbee 100644
--- a/src/CryptoAgent/Startup.cs
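Review bot: The new `Provider` property on `CertificateSettings` (and the now-uncommented `Provider` on `RsaKeySettings` in the second hunk) does not document which values are accepted, even though Startup.cs selects the implementation by comparing the lowercased value against fixed strings. I would give each a doc comment naming the tokens the selector recognises, e.g. `/// <summary>Selects the certificate source: "store", "filesystem", "azurestorage" or "azurekv" (matched case-insensitively).</summary>` on `CertificateSettings.Provider`, and the equivalent list ("azurekv", "gcpkms", "awskms", plus whatever the certificate-backed branch outside the Startup hunk expects) on `RsaKeySettings.Provider`. Since the lowercase grouping comments (`// azurekv`, `// gcpkms`, ...) now double as the provider tokens, it is worth stating that explicitly in the comment so a renamed token and its group stay in sync. Note that several of the grouped properties are credentials (`FilesystemPassword`, `AzureKeyvaultAdSecret`, `AwsAccessKeySecret`); any diagnostic that echoes the chosen provider should print only the `Provider` value, never the settings object.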
+++ b/src/CryptoAgent/Startup.cs 
@@ -34,73 +34,53 @@ namespace Bit.CryptoAgent
 {
 services.AddSingleton();
- if (!string.IsNullOrWhiteSpace(settings.Certificate?.StoreThumbprint))
+ var certificateProvider = settings.Certificate.Provider?.ToLowerInvariant();
+ if (certificateProvider == "store")
 {
 services.AddSingleton();
 }
- else if (!string.IsNullOrWhiteSpace(settings.Certificate?.FilesystemPath))
+ else if (certificateProvider == "filesystem")
 {
 services.AddSingleton();
 }
- else if (!string.IsNullOrWhiteSpace(settings.Certificate?.AzureStorageConnectionString))
+ else if (certificateProvider == "azurestorage")
 {
 services.AddSingleton();
 }
- else if (!string.IsNullOrWhiteSpace(settings.Certificate?.AzureKeyvaultUri))
+ else if (certificateProvider == "azurekv")
 {
 services.AddSingleton();
 }
 else
 {
- throw new Exception("No certificate provider configured.");
+ throw new Exception("Unknown certificate provider configured.");
 }
 }
- else if (rsaKeyProvider == "azure")
+ else if (rsaKeyProvider == "azurekv")
 {
- if (!string.IsNullOrWhiteSpace(settings.RsaKey?.AzureKeyvaultUri))
- {
- services.AddSingleton();
- }
- else
- {
- throw new Exception("No azure key vault configured.");
- }
+ services.AddSingleton();
 }
- else if (rsaKeyProvider == "gcp")
+ else if (rsaKeyProvider == "gcpkms")
 {
- if (!string.IsNullOrWhiteSpace(settings.RsaKey?.GoogleCloudKeyId))
- {
- services.AddSingleton();
- }
- else
- {
- throw new Exception("No gcp kms configured.");
- }
+ services.AddSingleton();
 }
- else if (rsaKeyProvider == "aws")
+ else if (rsaKeyProvider == "awskms")
 {
- if (!string.IsNullOrWhiteSpace(settings.RsaKey?.AwsAccessKeyId))
- {
- services.AddSingleton();
- }
- else
- {
- throw new Exception("No aws kms configured.");
- }
+ services.AddSingleton();
 }
 else
 {
- throw new Exception("Unknown rsa key provider.");
+ throw new Exception("Unknown rsa key provider configured.");
 }
 services.AddSingleton();
 services.AddSingleton();
- // JsonFlatFileDataStore
 if (!string.IsNullOrWhiteSpace(settings.Database?.JsonFilePath))
 {
 // Assign foobar to keyProperty in order to not use incrementing Id functionality
- services.AddSingleton(new DataStore(settings.Database.JsonFilePath, keyProperty: "--foobar--"));
+ services.AddSingleton(
+ new DataStore(settings.Database.JsonFilePath, keyProperty: "--foobar--"));
 services.AddSingleton();
 services.AddSingleton();
 }
diff --git a/src/CryptoAgent/appsettings.json b/src/CryptoAgent/appsettings.json
index bbaf8db..785d8fb 100644
--- a/src/CryptoAgent/appsettings.json
+++ b/src/CryptoAgent/appsettings.json
@@ -8,8 +8,5 @@
 },
 "AllowedHosts": "*",
 "cryptoAgentSettings": {
- "rsaKey": {
- "provider": "certificate"
- }
 }
 }
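Review bot: `var certificateProvider = settings.Certificate.Provider?.ToLowerInvariant();` drops the null-conditional on `Certificate` that every replaced condition had (`settings.Certificate?.…`), so a configuration with no `certificate` section now fails with a NullReferenceException instead of reaching the intended "Unknown certificate provider configured." branch; `var certificateProvider = settings.Certificate?.Provider?.ToLowerInvariant();` restores the fail-closed path. The two rewritten throw lines would also be more useful as `throw new InvalidOperationException($"Unknown certificate provider configured: '{settings.Certificate?.Provider}'.");` (and likewise with `rsaKeyProvider`), since the provider token is not a secret and the bare message gives an operator nothing to act on. With the per-provider presence checks (`AzureKeyvaultUri`, `GoogleCloudKeyId`, `AwsAccessKeyId`) removed, a provider selected without its settings presumably now fails at first use of the registered singleton rather than at startup; if the provider constructors do not validate their own settings, that lost fail-fast behaviour is worth a comment on the selector. The enclosing method starts and ends outside this hunk.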