diff --git a/config/configs.go b/config/configs.go
index 4412340e463340f4e107643cf8cef779e51825e0..5bd3a94a560e4027b32c319a6ee393979303a29c 100644
--- a/config/configs.go
+++ b/config/configs.go
@@ -25,6 +25,8 @@ var CaCertificatePEM []byte
 var VereignCaCertificatePEM []byte
 var VereignCaKeyPEM []byte
 
+var ReplaceKey bool
+
 var MaxMessageSize int
 
 var GrpcListenAddress string
@@ -42,6 +44,8 @@ func SetConfigValues(configFile, etcdURL string) {
 	viper.SetDefault("dataStorageUrl", "data-storage-agent:7777")
 	viper.SetDefault("entitiesManagerUrl", "entities-management-agent:7779")
 
+	viper.SetDefault("replaceKey", false)
+
 	viper.SetDefault("viamUUID", "viam-system")
 	viper.SetDefault("viamSession", "viam-session")
 
@@ -127,6 +131,8 @@ func SetConfigValues(configFile, etcdURL string) {
 	DataStorageUrl = viper.GetString("dataStorageUrl")
 	EntitiesManagerUrl = viper.GetString("entitiesManagerUrl")
 
+	ReplaceKey = viper.GetBool("replaceKey")
+
 	SystemAuth.Uuid = viper.GetString("viamUUID")
 	SystemAuth.Session = viper.GetString("viamSession")
 
diff --git a/handler/handler.go b/handler/handler.go
index 4c2ce23cb1b61be9694abca7ad1792dcdafc188d..8ca9a05d72229a6ebf7d0b46e96e9ac4f2efa944 100644
--- a/handler/handler.go
+++ b/handler/handler.go
@@ -22,8 +22,10 @@ import (
 	"errors"
 	"log"
 	"strings"
+
 	"code.vereign.com/code/viam-apis/clientutils"
 
+	"code.vereign.com/code/key-storage-agent/config"
 	keyutils "code.vereign.com/code/key-storage-agent/utils"
 	"code.vereign.com/code/viam-apis/authentication"
 	"code.vereign.com/code/viam-apis/key-storage-agent/api"
@@ -94,7 +96,7 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 	if in.KeyType == api.KeyType_KT_EMPTY {
 		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
 			"400", api.StatusType_ERROR, "KeyType cannot be empty")
-		return getKeyResponse, nil
+		return getKeyResponse, errors.New("KeyType cannot be empty")
 	}
 
 	key := &api.Key{}
@@ -105,21 +107,22 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 		getKeyResponse.Key = nil
 		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
 			"500", api.StatusType_ERROR, err.Error())
-		return getKeyResponse, nil
+		return getKeyResponse, err
 	}
 
 	if errorsString != "" {
 		getKeyResponse.Key = nil
 		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
 			"500", api.StatusType_ERROR, errorsString)
+		return nil, errors.New(errorsString)
 	}
-	
+
 	if !hasData {
 		log.Println("No such key " + in.Uuid)
 		getKeyResponse.Key = nil
 		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
 			"500", api.StatusType_ERROR, err.Error())
-		return getKeyResponse, nil
+		return getKeyResponse, err
 	}
 
 	getKeyResponse.Key = key
@@ -138,29 +141,31 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest
 	if in.Uuid == "root" {
 		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
 			"400", api.StatusType_ERROR, "Can not set root CA keys")
-		return setKeyResponse, nil
+		return setKeyResponse, errors.New("Can not set root CA keys")
 	}
 
 	if in.KeyType == api.KeyType_KT_EMPTY {
 		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
 			"400", api.StatusType_ERROR, "KeyType cannot be empty")
-		return setKeyResponse, nil
+		return setKeyResponse, errors.New("KeyType cannot be empty")
 	}
 
 	key := &api.Key{}
 
-	_, _, err := client.GetData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), key)
-	if err != nil {
-		log.Printf("grpc call GetData to DataStorage failed: %s", err)
-		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
-			"500", api.StatusType_ERROR, err.Error())
-		return setKeyResponse, nil
-	}
+	if config.ReplaceKey == false {
+		_, _, err := client.GetData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), key)
+		if err != nil {
+			log.Printf("grpc call GetData to DataStorage failed: %s", err)
+			setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
+				"500", api.StatusType_ERROR, err.Error())
+			return setKeyResponse, err
+		}
 
-	if len(key.Content) > 0 {
-		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
-			"400", api.StatusType_ERROR, "Key is already set")
-		return setKeyResponse, nil
+		if len(key.Content) > 0 {
+			setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
+				"400", api.StatusType_ERROR, "Key is already set")
+			return setKeyResponse, errors.New("Key is already set")
+		}
 	}
 
 	result, errors, err := client.PutData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), in.Key)
@@ -268,7 +273,7 @@ func (s *KeyStorageServerImpl) GetKeyId(ctx context.Context, in *api.GetKeyIdByK
 			log.Printf("Error: %s", errorsString)
 			return nil, errors.New(errorsString)
 		}
-	
+
 		if !hasData {
 			log.Println("No such checkID " + checkID)
 			return nil, errors.New("No such checkID " + checkID)