diff --git a/src/authx/auth.py b/src/authx/auth.py
index 6ed3b06..f03292c 100644
--- a/src/authx/auth.py
+++ b/src/authx/auth.py
@@ -348,7 +348,7 @@ def remove_aws_credential(endpoint=None, bucket=None, vault_url=VAULT_URL):
     # clean up endpoint name:
     endpoint = re.sub(r"\W", "_", endpoint)
 
-    status_code = delete_service_store_secret("candig-ingest", key=f"aws/{endpoint}-{bucket}")
+    status_code = delete_service_store_secret("candig-ingest", key=f"aws/{endpoint}/{bucket}")
     if status_code == 200:
         result = {}
         result['endpoint'] = endpoint
@@ -374,7 +374,7 @@ def get_minio_client(token=None, s3_endpoint=None, bucket=None, access_key=None,
     else:
         endpoint = s3_endpoint
         if access_key is None and not public:
-            response, status_code = get_aws_credential(token=token, endpoint=s3_endpoint, bucket=bucket)
+            response, status_code = get_aws_credential(endpoint=s3_endpoint, bucket=bucket)
             if "error" in response:
                 raise CandigAuthError(response)
             access_key = response["access_key"]
diff --git a/test_auth.py b/test_auth.py
index f9f2d0d..70413ad 100644
--- a/test_auth.py
+++ b/test_auth.py
@@ -166,17 +166,11 @@ def test_put_aws_credential():
             return
         endpoint = "http://test.endpoint"
         # store credential using not-site-admin token
-        result, status_code = src.authx.auth.store_aws_credential(token=src.authx.auth.get_auth_token(FakeRequest()), endpoint=endpoint, bucket="test_bucket", access="test", secret="secret", vault_url=VAULT_URL)
+        result, status_code = src.authx.auth.store_aws_credential(endpoint=endpoint, bucket="test_bucket", access="test", secret="secret", vault_url=VAULT_URL)
         print(result, status_code)
         assert status_code == 200
 
-        # try getting it with a non-site_admin token
-        result, status_code = src.authx.auth.get_aws_credential(token=src.authx.auth.get_auth_token(FakeRequest()), vault_url=VAULT_URL, endpoint=endpoint, bucket="test_bucket")
-        print(result)
-        assert "errors" in result
-
-        # try getting it with a site_admin token
-        result, status_code = src.authx.auth.get_aws_credential(token=src.authx.auth.get_auth_token(FakeRequest(site_admin=True)), vault_url=VAULT_URL, endpoint=endpoint, bucket="test_bucket")
+        result, status_code = src.authx.auth.get_aws_credential(vault_url=VAULT_URL, endpoint=endpoint, bucket="test_bucket")
         assert result['secret'] == 'secret'
         assert result['url'] == 'test.endpoint'
     else:
@@ -197,7 +191,7 @@ def test_get_s3_url():
             if os.getenv("SERVICE_NAME") != "candig-ingest":
                 warnings.warn(UserWarning("aws credential tests can only be run within the candig-ingest container"))
                 return
-            result, status_code = src.authx.auth.store_aws_credential(token=src.authx.auth.get_auth_token(FakeRequest()),endpoint=MINIO_URL, bucket="test", access=MINIO_ACCESS_KEY, secret=MINIO_SECRET_KEY, vault_url=VAULT_URL)
+            result, status_code = src.authx.auth.store_aws_credential(endpoint=MINIO_URL, bucket="test", access=MINIO_ACCESS_KEY, secret=MINIO_SECRET_KEY, vault_url=VAULT_URL)
             assert result['url'] in MINIO_URL
             minio = src.authx.auth.get_minio_client(token=src.authx.auth.get_auth_token(FakeRequest()), s3_endpoint=MINIO_URL, bucket="test")
             assert minio['endpoint'] == MINIO_URL