diff --git a/IdentityShroud.Api/Program.cs b/IdentityShroud.Api/Program.cs
index 57aaed4..66a7554 100644
--- a/IdentityShroud.Api/Program.cs
+++ b/IdentityShroud.Api/Program.cs
@@ -40,11 +40,7 @@ void ConfigureBuilder(WebApplicationBuilder builder)
 services.AddOptions().Bind(configuration.GetSection("db"));
 services.AddSingleton();
 services.AddSingleton();
- services.AddSingleton(c =>
- {
- var configuration = c.GetRequiredService();
- return new EncryptionService(configuration.GetValue("Secrets:Master"));
- });
+ services.AddSingleton();
 
 services.AddValidatorsFromAssemblyContaining();
 
diff --git a/IdentityShroud.Core.Tests/Services/EncryptionServiceTests.cs b/IdentityShroud.Core.Tests/Services/EncryptionServiceTests.cs
index e97b2df..b855732 100644
--- a/IdentityShroud.Core.Tests/Services/EncryptionServiceTests.cs
+++ b/IdentityShroud.Core.Tests/Services/EncryptionServiceTests.cs
@@ -1,4 +1,5 @@
 using System.Security.Cryptography;
+using IdentityShroud.Core.Contracts;
 using IdentityShroud.Core.Services;
 
 namespace IdentityShroud.Core.Tests.Services;
@@ -10,7 +11,10 @@ public class EncryptionServiceTests
 {
 // setup
 string key = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
- EncryptionService sut = new(key);
+ var secretProvider = Substitute.For();
+ secretProvider.GetSecret("Master").Returns(key);
+
+ EncryptionService sut = new(secretProvider);
 byte[] input = RandomNumberGenerator.GetBytes(16);
 
 // act
diff --git a/IdentityShroud.Core/Contracts/ISecretProvider.cs b/IdentityShroud.Core/Contracts/ISecretProvider.cs
index 73cd3a6..2a8e9e6 100644
--- a/IdentityShroud.Core/Contracts/ISecretProvider.cs
+++ b/IdentityShroud.Core/Contracts/ISecretProvider.cs
@@ -2,5 +2,5 @@ namespace IdentityShroud.Core.Contracts;
 
 public interface ISecretProvider
 {
- string GetSecretAsync(string name);
+ string GetSecret(string name);
 }
diff --git a/IdentityShroud.Core/Security/ConfigurationSecretProvider.cs b/IdentityShroud.Core/Security/ConfigurationSecretProvider.cs
index 01be0a9..ab77ef1 100644
--- a/IdentityShroud.Core/Security/ConfigurationSecretProvider.cs
+++ b/IdentityShroud.Core/Security/ConfigurationSecretProvider.cs
@@ -10,7 +10,7 @@ public class ConfigurationSecretProvider(IConfiguration configuration) : ISecret
 {
 private readonly IConfigurationSection secrets = configuration.GetSection("secrets");
 
- public string GetSecretAsync(string name)
+ public string GetSecret(string name)
 {
 return secrets.GetValue(name) ?? "";
 }
diff --git a/IdentityShroud.Core/Services/EncryptionService.cs b/IdentityShroud.Core/Services/EncryptionService.cs
new file mode 100644
index 0000000..845f43e
--- /dev/null
+++ b/IdentityShroud.Core/Services/EncryptionService.cs
@@ -0,0 +1,36 @@
+using IdentityShroud.Core.Contracts;
+using IdentityShroud.Core.Security;
+
+namespace IdentityShroud.Core.Services;
+
+///
+///
+///
+public class EncryptionService : IEncryptionService
+{
+ private readonly byte[] encryptionKey;
+
+ ///
+ /// For easier usage in
+ ///
+ /// Encryption key as base64, must be 32 bytes
+ // public EncryptionService(string keyBase64)
+ // {
+ // encryptionKey = Convert.FromBase64String(keyBase64);
+ // }
+
+ public EncryptionService(ISecretProvider secretProvider)
+ {
+ encryptionKey = Convert.FromBase64String(secretProvider.GetSecret("Master"));
+ }
+
+ public byte[] Encrypt(byte[] plain)
+ {
+ return AesGcmHelper.EncryptAesGcm(plain, encryptionKey);
+ }
+
+ public byte[] Decrypt(byte[] cipher)
+ {
+ return AesGcmHelper.DecryptAesGcm(cipher, encryptionKey);
+ }
+}
\ No newline at end of file
diff --git a/IdentityShroud.Core/Services/MasterEncryptionService.cs b/IdentityShroud.Core/Services/MasterEncryptionService.cs
deleted file mode 100644
index d0b5eda..0000000
--- a/IdentityShroud.Core/Services/MasterEncryptionService.cs
+++ /dev/null
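Review bot: The constructor added in EncryptionService.cs never validates the key it loads, although the doc comment kept above it says the key must be 32 bytes. The ConfigurationSecretProvider hunk shows that a missing secret comes back as `""`, and `Convert.FromBase64String("")` returns an empty array instead of throwing, so a deployment without `secrets:Master` starts with a zero-length key and the error only appears at the first Encrypt/Decrypt call inside AesGcmHelper (not visible here; presumably its key-size check rejects it). Fail at construction instead, e.g. `if (encryptionKey.Length != 32) throw new InvalidOperationException("Secret 'Master' must be a base64-encoded 32-byte key");`, and add a case to EncryptionServiceTests where the substitute returns an empty secret. The commented-out `EncryptionService(string keyBase64)` constructor and the doc comment now attached to it should be deleted rather than committed.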
@@ -1,23 +0,0 @@
-using IdentityShroud.Core.Contracts;
-using IdentityShroud.Core.Security;
-
-namespace IdentityShroud.Core.Services;
-
-///
-///
-///
-/// Encryption key as base64, must be 32 bytes
-public class EncryptionService(string keyBase64) : IEncryptionService
-{
- private readonly byte[] encryptionKey = Convert.FromBase64String(keyBase64);
-
- public byte[] Encrypt(byte[] plain)
- {
- return AesGcmHelper.EncryptAesGcm(plain, encryptionKey);
- }
-
- public byte[] Decrypt(byte[] cipher)
- {
- return AesGcmHelper.DecryptAesGcm(cipher, encryptionKey);
- }
-}
\ No newline at end of file