diff --git a/primitives/privacypass/token_test.go b/primitives/privacypass/token_test.go
index 8033a6e..24c7848 100644
--- a/primitives/privacypass/token_test.go
+++ b/primitives/privacypass/token_test.go
@@ -1,6 +1,7 @@
 package privacypass
 import (
+ "crypto/sha512"
 "git.openprivacy.ca/cwtch.im/tapir/persistence"
 "git.openprivacy.ca/cwtch.im/tapir/primitives/core"
 "git.openprivacy.ca/openprivacy/log"
@@ -67,8 +68,11 @@ func TestGenerateBlindedTokenBatch(t *testing.T) {
 log.SetLevel(log.LevelDebug)
 db := new(persistence.BoltPersistence)
 db.Open("tokens.db")
- defer db.Close()
- server := NewTokenServerFromStore(db)
+
+ fakeRand := sha512.Sum512([]byte{})
+ k := ristretto255.NewScalar().FromUniformBytes(fakeRand[:])
+ server := NewTokenServerFromStore(k, db)
+ defer server.Close()
 clientTranscript := core.NewTranscript("privacyPass")
 serverTranscript := core.NewTranscript("privacyPass")
@@ -98,4 +102,5 @@ func TestGenerateBlindedTokenBatch(t *testing.T) {
 if verified {
 t.Errorf("Something went wrong, the proof passed with wrong transcript: %s", wrongTranscript.OutputTranscriptToAudit())
 }
+
 }
diff --git a/primitives/privacypass/tokenserver.go b/primitives/privacypass/tokenserver.go
index 7559a77..3d039c8 100644
--- a/primitives/privacypass/tokenserver.go
+++ b/primitives/privacypass/tokenserver.go
@@ -28,7 +28,6 @@ type SignedBatchWithProof struct {
 }
 const tokenBucket = "tokens"
-const keyBucket = "keys"
 // NewTokenServer generates a new TokenServer (used mostly for testing with ephemeral instances)
 func NewTokenServer() *TokenServer {
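Review bot: The signing key built at `fakeRand := sha512.Sum512([]byte{})` is a fixed, publicly computable scalar, and nothing on the added lines marks it as test-only. A comment above it such as `// Deterministic test-only key: derived from a public constant, never a pattern for real servers.` would keep this from being copied as the way to obtain `k` for `NewTokenServerFromStore`. `ristretto255` is referenced here while the first hunk adds only `crypto/sha512`, so that import presumably already sits in the part of the import block outside the hunk; worth confirming. The body of `TestGenerateBlindedTokenBatch` starts and ends outside this hunk.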
@@ -44,29 +43,25 @@ func NewTokenServer() *TokenServer {
 }
 // NewTokenServerFromStore generates a new TokenServer backed by a persistence service.
-func NewTokenServerFromStore(persistenceService persistence.Service) *TokenServer {
+func NewTokenServerFromStore(k *ristretto.Scalar, persistenceService persistence.Service) *TokenServer {
 tokenServer := NewTokenServer()
 persistenceService.Setup([]string{tokenBucket})
- persistenceService.Setup([]string{keyBucket})
- exists, err := persistenceService.Check(keyBucket, "k")
- if err != nil {
- panic(err)
- }
- // if we don't have a stored k then save the one we have generated
- // otherwise use the k we have stored
- if !exists {
- persistenceService.Persist(keyBucket, "k", tokenServer.k)
- } else {
- persistenceService.Load(keyBucket, "k", tokenServer.k)
- // recalculate public key from stored k
- tokenServer.Y = new(ristretto.Element).ScalarBaseMult(tokenServer.k)
- }
+ // recalculate public key from k
+ tokenServer.k = k
+ tokenServer.Y = new(ristretto.Element).ScalarBaseMult(tokenServer.k)
 tokenServer.persistanceService = persistenceService
 return tokenServer
 }
+// Close ensures that the database is properly closed...
+func (ts *TokenServer) Close() {
+ ts.mutex.Lock()
+ defer ts.mutex.Unlock()
+ ts.persistanceService.Close()
+}
+
 // SignBlindedToken calculates kP for the given BlindedToken P
 func (ts *TokenServer) SignBlindedToken(bt BlindedToken) SignedToken {
 Q := new(ristretto.Element).ScalarMult(ts.k, bt.P)
diff --git a/scratch/main.go b/scratch/main.go
deleted file mode 100644
index e69de29..0000000
diff --git a/service.go b/service.go
index e971ae8..ab01903 100644
--- a/service.go
+++ b/service.go
@@ -12,7 +12,6 @@ import (
 "sync"
 )
-
 // ServiceMetrics outlines higher level information about the service e.g. counts of connections
 type ServiceMetrics struct {
 ConnectionCount int
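Review bot: `NewTokenServerFromStore` now accepts the signing scalar `k` from the caller without checking it: a nil `k` would likely panic inside `ScalarBaseMult`, and a zero scalar would quietly yield an identity public key `Y`. A guard before `tokenServer.k = k`, for example `if k == nil { panic("privacypass: nil signing key") }`, and a doc-comment line saying the caller now owns generation and storage of `k`, would make the new contract explicit. Because the `keys` bucket is no longer read, a store written by the previous version still holds the old `k` at rest, and tokens issued under it presumably stop verifying unless the caller supplies the same scalar, so a migration note seems warranted. The added `Close` calls `ts.persistanceService.Close()` unconditionally; on a server built with `NewTokenServer()` that field looks unset (its body is outside this hunk), so `if ts.persistanceService != nil` around the call would avoid a nil dereference.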