diff --git a/cmd/discovery/client/enc.go b/cmd/discovery/client/enc.go
index 75517f7..3313267 100644
--- a/cmd/discovery/client/enc.go
+++ b/cmd/discovery/client/enc.go
@@ -12,6 +12,8 @@ import (
 "github.com/pkg/errors"
 )
 
+const DefaultNVIndex = "0x1500000"
+
 func getPass(server string, partition *block.Partition) (string, bool, error) {
 msg, err := tpm.Get(server,
 tpm.WithAdditionalHeader("label", partition.Label),
@@ -48,7 +50,7 @@ func genAndStore(k Config) (string, error) {
 if err != nil {
 return "", err
 }
- nvindex := "0x1500000"
+ nvindex := DefaultNVIndex
 if k.Kcrypt.Challenger.NVIndex != "" {
 nvindex = k.Kcrypt.Challenger.NVIndex
 }
@@ -57,7 +59,7 @@ func genAndStore(k Config) (string, error) {
 }
 
 func localPass(k Config) (string, error) {
- index := "0x1500000"
+ index := DefaultNVIndex
 if k.Kcrypt.Challenger.NVIndex != "" {
 index = k.Kcrypt.Challenger.NVIndex
 }
diff --git a/pkg/challenger/challenger.go b/pkg/challenger/challenger.go
index b051542..008aaec 100644
--- a/pkg/challenger/challenger.go
+++ b/pkg/challenger/challenger.go
@@ -15,6 +15,7 @@ import (
 "github.com/kairos-io/kairos-challenger/controllers"
 tpm "github.com/kairos-io/tpm-helpers"
 corev1 "k8s.io/api/core/v1"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
 v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
 
@@ -113,7 +114,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
 continue
 }
 
- sealedVolumeData := findSecretFor(PassphraseRequestData{
+ sealedVolumeData := findVolumeFor(PassphraseRequestData{
 TPMHash: hashEncoded,
 Label: label,
 DeviceName: name,
@@ -143,6 +144,11 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
 }
 _, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{})
 if err != nil {
+ if !apierrors.IsNotFound(err) {
+ fmt.Printf("Failed getting secret: %s\n", err.Error())
+ continue
+ }
+
 secret := corev1.Secret{
 TypeMeta: v1.TypeMeta{
 Kind: "Secret",
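Review bot: `DefaultNVIndex` is a new exported constant with no doc comment, and the two hunks below only show what it is through the fallback logic that uses it. The constant is the value taken when `k.Kcrypt.Challenger.NVIndex` is empty, so the comment should say so: `// DefaultNVIndex is the TPM NV index used when the challenger config does not set NVIndex.` A `go vet`/`golint`-style check for exported names without comments would flag this line as is.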
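Review bot: The fallback `nvindex := DefaultNVIndex` followed by `if k.Kcrypt.Challenger.NVIndex != "" { nvindex = k.Kcrypt.Challenger.NVIndex }` is now repeated verbatim in genAndStore (this hunk) and localPass (the hunk at `@@ -57,7 +59,7 @@`), differing only in the local name. A small helper such as `func nvIndexFor(k Config) string { if k.Kcrypt.Challenger.NVIndex != "" { return k.Kcrypt.Challenger.NVIndex }; return DefaultNVIndex }` would give both call sites one place to change when the default or the config field moves. Both enclosing functions start and end outside their hunks.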
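Review bot: The new error branch prints only the error text, not which secret was being fetched, and because it sits in a loop (`continue`) that appears to serve several requests, the operator reading stdout cannot tell which volume's lookup failed. Suggest `fmt.Printf("Failed getting secret %s/%s: %v\n", namespace, secretName, err)` so the log line carries the namespace and secret name already in scope. Separating NotFound from every other API error before building a new `corev1.Secret` is the important part of this hunk: previously any Get failure fell through to the create path. On the non-NotFound path the request is dropped with no reply visible in the hunk; whether the client gets a response or just times out depends on code outside it, so worth confirming. `Start` begins and ends outside this hunk.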
@@ -199,7 +205,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
 return
 }
 
- sealedVolumeData := findSecretFor(PassphraseRequestData{
+ sealedVolumeData := findVolumeFor(PassphraseRequestData{
 TPMHash: hashEncoded,
 Label: label,
 DeviceName: name,
@@ -230,10 +236,10 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
 secret, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{})
 if err == nil {
 passphrase := secret.Data[secretPath]
- gen, generated := secret.Data[constants.GeneratedByKey]
+ generatedBy, generated := secret.Data[constants.GeneratedByKey]
 result := map[string]string{"passphrase": string(passphrase)}
 if generated {
- result[constants.GeneratedByKey] = string(gen)
+ result[constants.GeneratedByKey] = string(generatedBy)
 }
 err = json.NewEncoder(writer).Encode(result)
 if err != nil {
@@ -277,7 +283,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
 }()
 }
 
-func findSecretFor(requestData PassphraseRequestData, volumeList *keyserverv1alpha1.SealedVolumeList) *SealedVolumeData {
+func findVolumeFor(requestData PassphraseRequestData, volumeList *keyserverv1alpha1.SealedVolumeList) *SealedVolumeData {
 for _, v := range volumeList.Items {
 if requestData.TPMHash == v.Spec.TPMHash {
 for _, p := range v.Spec.Partitions {
diff --git a/pkg/challenger/challenger_test.go b/pkg/challenger/challenger_test.go
index c0c344e..01f6c54 100644
--- a/pkg/challenger/challenger_test.go
+++ b/pkg/challenger/challenger_test.go
@@ -38,7 +38,7 @@ var _ = Describe("challenger", func() {
 })
 
 It("returns the sealed volume data", func() {
- volumeData := findSecretFor(requestData, volumeList)
+ volumeData := findVolumeFor(requestData, volumeList)
 Expect(volumeData).ToNot(BeNil())
 Expect(volumeData.Quarantined).To(BeFalse())
 Expect(volumeData.SecretName).To(Equal("the_secret"))
@@ -67,7 +67,7 @@ var _ = Describe("challenger", func() {
 })
 
 It("doesn't match a request with an empty field", func() {
- volumeData := findSecretFor(requestData, volumeList)
+ volumeData := findVolumeFor(requestData, volumeList)
 Expect(volumeData).To(BeNil())
 })
 })
@@ -86,7 +86,7 @@ var _ = Describe("challenger", func() {
 })
 
 It("returns the sealed volume data", func() {
- volumeData := findSecretFor(requestData, volumeList)
+ volumeData := findVolumeFor(requestData, volumeList)
 Expect(volumeData).ToNot(BeNil())
 Expect(volumeData.Quarantined).To(BeFalse())
 Expect(volumeData.SecretName).To(Equal("the_secret"))
@@ -108,7 +108,7 @@ var _ = Describe("challenger", func() {
 })
 
 It("returns the sealed volume data", func() {
- volumeData := findSecretFor(requestData, volumeList)
+ volumeData := findVolumeFor(requestData, volumeList)
 Expect(volumeData).ToNot(BeNil())
 Expect(volumeData.Quarantined).To(BeFalse())
 Expect(volumeData.SecretName).To(Equal("the_secret"))
@@ -130,7 +130,7 @@ var _ = Describe("challenger", func() {
 })
 
 It("returns nil sealedVolumeData", func() {
- volumeData := findSecretFor(requestData, volumeList)
+ volumeData := findVolumeFor(requestData, volumeList)
 Expect(volumeData).To(BeNil())
 })
 })