diff --git a/encrypted_upload/application.py b/encrypted_upload/application.py
index c7e7f07..9192f43 100644
--- a/encrypted_upload/application.py
+++ b/encrypted_upload/application.py
@@ -206,6 +206,7 @@ def upload(self, files: Optional[Union[Part, List[Part]]] = None) \
                 ]
                 path = Path(self.args.import_path) / 'Scripts'
                 with Popen(process_args, stdout=None, stderr=None, cwd=path):
+                    # Let the import process run but no longer care about it.
                     pass
 
         return {
diff --git a/encrypted_upload/auth.py b/encrypted_upload/auth.py
index e1f91cb..845eaf6 100644
--- a/encrypted_upload/auth.py
+++ b/encrypted_upload/auth.py
@@ -76,20 +76,14 @@ def handle_command(args: Namespace) -> None:
     else:
         user = str(args.user)
         exists = keyring.get_password(domain, user)
-        if args.delete:
-            if not exists:
-                raise KeyError(f'User {user} does not exist')
+        if args.add == bool(exists):
+            raise KeyError(f'"{user}" {"must" if exists else "does"} not exist')
 
+        if args.delete:
             keyring.delete_password(domain, user)
         elif args.add:
-            if exists:
-                raise KeyError(f'User {user} already exists')
-
             password = get_password(args)
             keyring.set_password(domain, user, password)
-        elif args.modify:
-            if not exists:
-                raise KeyError(f'User {user} does not exist')
-
+        else: # modify
             password = get_password(args)
             keyring.set_password(domain, user, password)
diff --git a/encrypted_upload/bootstrap.py b/encrypted_upload/bootstrap.py
index 9e42a07..881c41b 100644
--- a/encrypted_upload/bootstrap.py
+++ b/encrypted_upload/bootstrap.py
@@ -98,13 +98,31 @@ def add_args(parser: ArgumentParser, config: RawConfigParser) -> None:
     server.add_argument('--cgi', action='store_true', default=False,
                         help='Start a CGI server instead of HTTP')
 
+def _update_keyring(config: RawConfigParser, args: Namespace,
+                    auth_key: str) -> str:
+    keyring_name = str(args.keyring)
+    auth_keyring = keyring.get_password(f'{keyring_name}-secret', 'server')
+    if auth_keyring is not None:
+        auth_key = auth_keyring
+    elif auth_key != '':
+        keyring.set_password(f'{keyring_name}-secret', 'server', auth_key)
+    else:
+        raise ValueError('No server secret auth key provided')
+
+    for user, password in config['auth'].items():
+        keyring.set_password(keyring_name, user,
+                             ha1_nonce(user, str(args.realm), password))
+    for user, passphrase in config['symm'].items():
+        keyring.set_password(f'{keyring_name}-symmetric', user, passphrase)
+
+    return auth_key
+
 def bootstrap(config: RawConfigParser, args: Namespace) -> None:
     """
     Set up the upload server.
     """
 
     debug = bool(args.debug)
-    realm = str(args.realm)
     if args.listen is not None:
         bind_address = str(args.listen)
     elif debug:
@@ -114,22 +132,8 @@ def bootstrap(config: RawConfigParser, args: Namespace) -> None:
 
     auth_key = str(config['server'].get('secret', ''))
     if args.keyring:
-        keyring_name = str(args.keyring)
-        auth_keyring = keyring.get_password(f'{keyring_name}-secret', 'server')
-        if auth_keyring is not None:
-            auth_key = auth_keyring
-        elif auth_key != '':
-            keyring.set_password(f'{keyring_name}-secret', 'server', auth_key)
-        else:
-            raise ValueError('No server secret auth key provided')
-
-        for user, password in config['auth'].items():
-            keyring.set_password(keyring_name, user,
-                                 ha1_nonce(user, realm, password))
-        for user, passphrase in config['symm'].items():
-            keyring.set_password(f'{keyring_name}-symmetric', user, passphrase)
-
-        ha1 = get_ha1_keyring(keyring_name)
+        auth_key = _update_keyring(config, args, auth_key)
+        ha1 = get_ha1_keyring(args.keyring)
     else:
         ha1 = cherrypy.lib.auth_digest.get_ha1_dict_plain(dict(config['auth']))
 
@@ -145,7 +149,7 @@ def bootstrap(config: RawConfigParser, args: Namespace) -> None:
             'error_page.default': Upload.json_error,
             'response.headers.server': server,
             'tools.auth_digest.on': True,
-            'tools.auth_digest.realm': realm,
+            'tools.auth_digest.realm': str(args.realm),
             'tools.auth_digest.get_ha1': ha1,
             'tools.auth_digest.key': str(auth_key)
         }
diff --git a/test/auth.py b/test/auth.py
index 40e3999..5bcb399 100644
--- a/test/auth.py
+++ b/test/auth.py
@@ -85,7 +85,7 @@ def test_handle_command(self, delete_password: MagicMock,
         handle_command(args)
         delete_password.assert_called_once_with('$SERVER_KEYRING', 'user')
         get.return_value = None
-        with self.assertRaises(KeyError):
+        with self.assertRaisesRegex(KeyError, '"user" does not exist'):
             handle_command(args)
 
         args = self.parser.parse_args([
@@ -96,7 +96,7 @@ def test_handle_command(self, delete_password: MagicMock,
         set_password.assert_called_once_with('ring', 'user',
                                              ha1_nonce('user', 'ex', 'mypass'))
         get.return_value = 'mypass'
-        with self.assertRaises(KeyError):
+        with self.assertRaisesRegex(KeyError, '"user" must not exist'):
             handle_command(args)
 
         set_password.reset_mock()
@@ -108,7 +108,7 @@ def test_handle_command(self, delete_password: MagicMock,
         set_password.assert_called_once_with('domain', 'user',
                                              ha1_nonce('user', 'ex', 'newpass'))
         get.return_value = None
-        with self.assertRaises(KeyError):
+        with self.assertRaisesRegex(KeyError, '"user" does not exist'):
             handle_command(args)
 
         set_password.reset_mock()