diff --git a/internal/keystore/fortanix/keystore.go b/internal/keystore/fortanix/keystore.go
index 857adabf..145ee3b0 100644
--- a/internal/keystore/fortanix/keystore.go
+++ b/internal/keystore/fortanix/keystore.go
@@ -189,7 +189,7 @@ func (s *Store) Status(ctx context.Context) (kes.KeyStoreState, error) {
 	}
 
 	start := time.Now()
-	resp, err := http.DefaultClient.Do(req)
+	resp, err := s.client.Do(req)
 	if err != nil {
 		return kes.KeyStoreState{}, &keystore.ErrUnreachable{Err: err}
 	}
diff --git a/internal/keystore/gemalto/key-secure.go b/internal/keystore/gemalto/key-secure.go
index 4e383ee4..3126a11a 100644
--- a/internal/keystore/gemalto/key-secure.go
+++ b/internal/keystore/gemalto/key-secure.go
@@ -122,7 +122,7 @@ func (s *Store) Status(ctx context.Context) (kes.KeyStoreState, error) {
 	}
 
 	start := time.Now()
-	resp, err := http.DefaultClient.Do(req)
+	resp, err := s.client.Do(req)
 	if err != nil {
 		return kes.KeyStoreState{}, &keystore.ErrUnreachable{Err: err}
 	}
diff --git a/internal/keystore/vault/client.go b/internal/keystore/vault/client.go
index 42625db8..dbdea62d 100644
--- a/internal/keystore/vault/client.go
+++ b/internal/keystore/vault/client.go
@@ -83,7 +83,7 @@ func (c *client) AuthenticateWithAppRole(login *AppRole) authFunc {
 			"role_id":   login.ID,
 			"secret_id": login.Secret,
 		})
-		if secret == nil {
+		if secret == nil && err == nil {
 			// The Vault SDK eventually returns no error but also no
 			// secret. In this case have to return a (not very helpful)
 			// error to signal that the authentication failed - for some
@@ -108,7 +108,7 @@ func (c *client) AuthenticateWithK8S(login *Kubernetes) authFunc {
 			"role": login.Role,
 			"jwt":  login.JWT,
 		})
-		if secret == nil {
+		if secret == nil && err == nil {
 			// The Vault SDK eventually returns no error but also no
 			// secret. In this case have to return a (not very helpful)
 			// error to signal that the authentication failed - for some