diff --git a/lib/Pasteburn/Config.pm b/lib/Pasteburn/Config.pm
index 2e29e41..36f6267 100644
--- a/lib/Pasteburn/Config.pm
+++ b/lib/Pasteburn/Config.pm
@@ -110,7 +110,7 @@ C<Pasteburn::Config> loads the project config.
 
 Load the config and return a C<Pasteburn::Config> object.
 
-Required keys and values are validated during load, and exception thrown if not defined or containing the default values.
+Required keys and values are validated during load, and exception thrown if key does not exist and doesn't match the expected values.
 
 =back
 
diff --git a/lib/Pasteburn/Crypt/Hash.pm b/lib/Pasteburn/Crypt/Hash.pm
index b3b646b..f4c8981 100644
--- a/lib/Pasteburn/Crypt/Hash.pm
+++ b/lib/Pasteburn/Crypt/Hash.pm
@@ -63,7 +63,7 @@ sub validate {
         @_,
     };
 
-    if ( !$arg->{hash} ) {
+    if ( !defined $arg->{hash} ) {
         die "hash is required\n";
     }
 
diff --git a/lib/Pasteburn/Crypt/Storage.pm b/lib/Pasteburn/Crypt/Storage.pm
index 3a7cb2d..33d6750 100644
--- a/lib/Pasteburn/Crypt/Storage.pm
+++ b/lib/Pasteburn/Crypt/Storage.pm
@@ -30,7 +30,7 @@ sub encode {
         @_,
     };
 
-    if ( !$arg->{secret} ) {
+    if ( !defined $arg->{secret} ) {
         die "secret argument is required\n";
     }
 
@@ -44,7 +44,7 @@ sub decode {
         @_,
     };
 
-    if ( !$arg->{secret} ) {
+    if ( !defined $arg->{secret} ) {
         die "secret argument is required\n";
     }
 
diff --git a/lib/Pasteburn/Model/Secrets.pm b/lib/Pasteburn/Model/Secrets.pm
index a871c99..ace0836 100644
--- a/lib/Pasteburn/Model/Secrets.pm
+++ b/lib/Pasteburn/Model/Secrets.pm
@@ -88,7 +88,7 @@ sub get {
 
     my ( @where, @bind_values );
 
-    foreach my $key ( keys %{$arg} ) {
+    foreach my $key (qw{id}) {
         if ( !defined $arg->{$key} ) {
             next;
         }
@@ -117,7 +117,7 @@ sub store {
         @_,
     };
 
-    foreach my $attribute ( 'passphrase', 'secret' ) {
+    foreach my $attribute (qw{passphrase secret}) {
         if ( !defined $self->{$attribute} ) {
             die "$attribute is required";
         }
@@ -170,7 +170,7 @@ sub _generate_id {
     my $self = shift;
 
     if ( !Scalar::Util::blessed($self) ) {
-        die "_generate_id must be called as an object method";
+        die '_generate_id must be called as an object method';
     }
 
     return Digest::SHA::sha256_hex( Crypt::Random::makerandom( Size => 512, Strength => 0 ) );
@@ -180,7 +180,7 @@ sub _update_object {
     my $self = shift;
 
     if ( !Scalar::Util::blessed($self) ) {
-        die "_update_object must be called as an object method";
+        die '_update_object must be called as an object method';
     }
 
     # always update the object with the data from the database.
@@ -208,15 +208,15 @@ sub validate_passphrase {
     };
 
     if ( !Scalar::Util::blessed($self) ) {
-        die "validate_passphrase must be called as an object method";
+        die 'validate_passphrase must be called as an object method';
     }
 
     if ( !$self->id ) {
-        die "validate_passphrase cannot be run for a nonexistent secret";
+        die 'validate_passphrase cannot be run for a nonexistent secret';
     }
 
     if ( !defined $arg->{passphrase} ) {
-        die "passphrase is required";
+        die 'passphrase is required';
     }
 
     # if the secret is stored with an empty string as passphrase, there is still
@@ -225,7 +225,7 @@ sub validate_passphrase {
     # but not allow an undef to be stored.
     # although unlikely to fail, still verify the hashed passphrase is in the object.
     if ( !defined $self->passphrase ) {
-        die "passphrase is not set";
+        die 'passphrase is not set';
     }
 
     my $crypt = Pasteburn::Crypt::Hash->new();
@@ -241,15 +241,15 @@ sub decode_secret {
     };
 
     if ( !Scalar::Util::blessed($self) ) {
-        die "decode_secret must be called as an object method";
+        die 'decode_secret must be called as an object method';
     }
 
     if ( !$self->id ) {
-        die "decode_secret cannot be run for a nonexistent secret";
+        die 'decode_secret cannot be run for a nonexistent secret';
     }
 
     if ( !defined $arg->{passphrase} ) {
-        die "passphrase is required";
+        die 'passphrase is required';
     }
 
     my $crypt_storage  = Pasteburn::Crypt::Storage->new( passphrase => $arg->{passphrase} );
@@ -268,11 +268,11 @@ sub delete_secret {
     my $self = shift;
 
     if ( !Scalar::Util::blessed($self) ) {
-        die "delete_secret must be called as an object method";
+        die 'delete_secret must be called as an object method';
     }
 
     if ( !$self->id ) {
-        die "delete_secret cannot be run for a nonexistent secret";
+        die 'delete_secret cannot be run for a nonexistent secret';
     }
 
     my $sql = q{
diff --git a/t/lib/Pasteburn/Test.pm b/t/lib/Pasteburn/Test.pm
index f1882c9..10e4ab7 100644
--- a/t/lib/Pasteburn/Test.pm
+++ b/t/lib/Pasteburn/Test.pm
@@ -149,14 +149,14 @@ sub create_test_app {
         @_,
     );
 
-    foreach my $required ( keys %args ) {
+    foreach my $required ( qw{config} ) {
         if ( !defined $args{$required} ) {
             die "$required is required";
         }
     }
 
     if ( !ref $args{config} eq 'HASH' ) {
-        die "config must be a hashref";
+        die 'config must be a hashref';
     }
 
     override(