diff --git a/cmd/notary-signer/main.go b/cmd/notary-signer/main.go
index e00d3d5814..092dedd07a 100644
--- a/cmd/notary-signer/main.go
+++ b/cmd/notary-signer/main.go
@@ -100,14 +100,15 @@ func setUpCryptoservices(configuration *viper.Viper, allowedBackends []string) (
 		}
 		logrus.Debugf("Using %s DB: %s", storeConfig.Backend, storeConfig.Source)
 
-		keyStore, err := keydbstore.NewKeyDBStore(
+		dbStore, err := keydbstore.NewKeyDBStore(
 			passphraseRetriever, defaultAlias, storeConfig.Backend, dbSQL)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create a new keydbstore: %v", err)
 		}
 
 		health.RegisterPeriodicFunc(
-			"DB operational", keyStore.HealthCheck, time.Second*60)
+			"DB operational", dbStore.HealthCheck, time.Second*60)
+		keyStore = dbStore
 	}
 
 	cryptoService := cryptoservice.NewCryptoService("", keyStore)
diff --git a/cmd/notary-signer/main_test.go b/cmd/notary-signer/main_test.go
index 1b565f608c..bd219ae7a5 100644
--- a/cmd/notary-signer/main_test.go
+++ b/cmd/notary-signer/main_test.go
@@ -11,8 +11,11 @@ import (
 	"testing"
 
 	"github.com/docker/notary/signer"
+	"github.com/docker/notary/signer/keydbstore"
 	"github.com/docker/notary/tuf/data"
 	"github.com/docker/notary/utils"
+	"github.com/jinzhu/gorm"
+	_ "github.com/mattn/go-sqlite3"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
 )
@@ -120,6 +123,17 @@ func TestSetupCryptoServicesDBStoreSuccess(t *testing.T) {
 	tmpFile.Close()
 	defer os.Remove(tmpFile.Name())
 
+	// Ensure that the private_key table exists
+	db, err := gorm.Open("sqlite3", tmpFile.Name())
+	assert.NoError(t, err)
+	var (
+		gormKey = keydbstore.GormPrivateKey{}
+		count   int
+	)
+	db.CreateTable(&gormKey)
+	db.Model(&gormKey).Count(&count)
+	assert.Equal(t, 0, count)
+
 	cryptoServices, err := setUpCryptoservices(
 		configure(fmt.Sprintf(
 			`{"storage": {"backend": "%s", "db_url": "%s"},
@@ -136,6 +150,16 @@ func TestSetupCryptoServicesDBStoreSuccess(t *testing.T) {
 	assert.True(t, ok)
 
 	assert.Equal(t, edService, ecService)
+
+	// since the keystores are not exposed by CryptoService, try creating
+	// a key and seeing if it is in the sqlite DB.
+	os.Setenv("NOTARY_SIGNER_TIMESTAMP", "password")
+	defer os.Unsetenv("NOTARY_SIGNER_TIMESTAMP")
+
+	_, err = ecService.Create("timestamp", data.ECDSAKey)
+	assert.NoError(t, err)
+	db.Model(&gormKey).Count(&count)
+	assert.Equal(t, 1, count)
 }
 
 // If a memory backend is specified, then a default alias is not needed, and
@@ -155,6 +179,14 @@ func TestSetupCryptoServicesMemoryStore(t *testing.T) {
 	assert.True(t, ok)
 
 	assert.Equal(t, edService, ecService)
+
+	// since the keystores are not exposed by CryptoService, try creating
+	// and getting the key
+	pubKey, err := ecService.Create("", data.ECDSAKey)
+	assert.NoError(t, err)
+	privKey, _, err := ecService.GetPrivateKey(pubKey.ID())
+	assert.NoError(t, err)
+	assert.NotNil(t, privKey)
 }
 
 func TestSetupHTTPServer(t *testing.T) {