diff --git a/confluent_server/confluent/credserver.py b/confluent_server/confluent/credserver.py
index dec553f8..f6632d00 100644
--- a/confluent_server/confluent/credserver.py
+++ b/confluent_server/confluent/credserver.py
@@ -69,7 +69,7 @@ class CredServer(object):
                 client.close()
                 return
             echotoken = util.stringify(client.recv(tlv[1]))
-            cfgupdate = {nodename: {'crypted.selfapikey': echotoken, 'deployment.apiarmed': ''}}
+            cfgupdate = {nodename: {'crypted.selfapikey': {'hashvalue': echotoken}, 'deployment.apiarmed': ''}}
             if apiarmed == 'continuous':
                 del cfgupdate[nodename]['deployment.apiarmed']
             self.cfm.set_node_attributes(cfgupdate)
diff --git a/confluent_server/confluent/selfservice.py b/confluent_server/confluent/selfservice.py
index d271174e..ee9f8f33 100644
--- a/confluent_server/confluent/selfservice.py
+++ b/confluent_server/confluent/selfservice.py
@@ -28,7 +28,7 @@ def handle_request(env, start_response):
         return
     cfg = configmanager.ConfigManager(None)
     eak = cfg.get_node_attributes(nodename, 'crypted.selfapikey').get(
-        nodename, {}).get('crypted.selfapikey', {}).get('value', None)
+        nodename, {}).get('crypted.selfapikey', {}).get('hashvalue', None)
     if not eak:
         start_response('401 Unauthorized', [])
         yield 'Unauthorized'