diff --git a/nixos/pkgs/privatestorage/repo.json b/nixos/pkgs/privatestorage/repo.json
index 669f724bfa7dbb5251c0a1a119dba0b4beffcbda..32e72b6bf0b0506bf7364ba05c429983c9447c2a 100644
--- a/nixos/pkgs/privatestorage/repo.json
+++ b/nixos/pkgs/privatestorage/repo.json
@@ -2,7 +2,7 @@
   "owner": "PrivateStorageio",
   "branch": "main",
   "repo": "ZKAPAuthorizer",
-  "rev": "5bad3a39ae78cb2483d70709b8a7c1cba96571ab",
+  "rev": "2615f1f0297604fb373db11c7a525b5adddde41c",
   "outputHashAlgo": "sha512",
-  "outputHash": "1m277qsf8p94px33g7vbc18bjb48w35s8z2hbpnpga8mw21j1x9i0whnk7300byp9nx86vnk860bfmhbih4zdwprqnpflgvaciwdbwh"
+  "outputHash": "3aws54yjmn69cb95l2ygx9sclda63xmar2i8w2fxkm4fjys3y8wdq58ilnf2y2id1h526ignw27xwyz4fjwv59cr7nqfjb31954qsqf"
 }
diff --git a/nixos/tests/private-storage.nix b/nixos/tests/private-storage.nix
index 86c6cbdb08e3f305dc5e1a18907d737d1f8c1c1e..a208ce249f1f1227f966e38a1c62ab6166d187f8 100644
--- a/nixos/tests/private-storage.nix
+++ b/nixos/tests/private-storage.nix
@@ -40,6 +40,7 @@ let
       basename = "signing-key.private";
     in
       pkgs.writeText basename key;
+  ristrettoPublicKey = "xoNHEqAi+kC5EWfqN+kuDINhjQTwGrSQyshHvGFpoys=";
 
   stripeSecretKeyPath =
     let
@@ -237,7 +238,7 @@ in {
     #
     # Storage appears to be working so try to get a client to speak with it.
     #
-    ${runOnNode "client" [ run-client "/tmp/client" introducerFURL issuerURL ]}
+    ${runOnNode "client" [ run-client "/tmp/client" introducerFURL issuerURL ristrettoPublicKey ]}
     client.wait_for_open_port(3456)
 
     # Make sure the fake Stripe API server is ready for requests.
@@ -258,7 +259,7 @@ in {
         voucher
       ]}
     except:
-      code, log = client.execute('cat /tmp/stdout /tmp/stderr');
+      code, output = client.execute('cat /tmp/stdout /tmp/stderr');
       client.log(output)
 
       # Dump the fake Stripe API server logs, too, since the error may arise
diff --git a/nixos/tests/run-client.py b/nixos/tests/run-client.py
index e6cde321bdeb8a2b2493c984cce116a0287b16d1..df37bb48901a8c97dbe6889c86af2b40d52b22f3 100755
--- a/nixos/tests/run-client.py
+++ b/nixos/tests/run-client.py
@@ -12,7 +12,7 @@ from subprocess import check_output
 from configparser import ConfigParser
 
 def main():
-    (nodePath, introducerFURL, issuerURL) = argv[1:]
+    (nodePath, introducerFURL, issuerURL, publicKey) = argv[1:]
 
     run(["tahoe", "--version"])
     run([
@@ -33,6 +33,7 @@ def main():
     config.add_section(u"storageclient.plugins.privatestorageio-zkapauthz-v1")
     config.set(u"storageclient.plugins.privatestorageio-zkapauthz-v1", u"redeemer", u"ristretto")
     config.set(u"storageclient.plugins.privatestorageio-zkapauthz-v1", u"ristretto-issuer-root-url", issuerURL)
+    config.set(u"storageclient.plugins.privatestorageio-zkapauthz-v1", u"allowed-public-keys", publicKey)
     # This has to agree with the PaymentServer configuration at the configured
     # issuer location.  Presently PaymentServer has 50000 hard-coded as the
     # correct value.