diff --git a/cmd/signer/main.go b/cmd/signer/main.go
index a11b6d61916e33776261c703e8bc5b41e1002e6a..f83b8a0ea8468a9643cd541738dfad38e8f3f499 100644
--- a/cmd/signer/main.go
+++ b/cmd/signer/main.go
@@ -52,7 +52,7 @@ func main() {
 
 	vault, err := vault.New(cfg.Vault.Addr, cfg.Vault.Token, httpClient)
 	if err != nil {
-		logger.Fatal("cannot create vault client", zap.Error(err))
+		logger.Fatal("cannot initialize vault client", zap.Error(err))
 	}
 
 	// create services
diff --git a/internal/clients/vault/client.go b/internal/clients/vault/client.go
index c5d8b46a69e03e9396c1e87c9a51a8c090142199..782fcb9a2abe01426de368d43f94ad325a719e14 100644
--- a/internal/clients/vault/client.go
+++ b/internal/clients/vault/client.go
@@ -35,6 +35,10 @@ func New(addr string, token string, httpClient *http.Client) (*Client, error) {
 
 	client.SetToken(token)
 
+	if _, err = client.Sys().Capabilities(token, pathSign); err != nil {
+		return nil, err
+	}
+
 	return &Client{cfg: cfg, client: client}, nil
 }