diff --git a/plugins/auth/handlers_test.go b/plugins/auth/handlers_test.go
new file mode 100644
index 00000000..40268180
--- /dev/null
+++ b/plugins/auth/handlers_test.go
@@ -0,0 +1,74 @@
+package auth
+
+import (
+	"context"
+	"testing"
+)
+
+var record = publicKey{
+	PublicKey: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFuenlpczFaamZOQjBiQmdLRk1Tdgp2a1R0d2x2QnNhSnE3UzV3QStremVWT1ZwVld3a1dkVmhhNHMzOFhNL3BhL3lyNDdhdjcrejNWVG12RFJ5QUhjCmFUOTJ3aFJFRnBMdjljajVsVGVKU2lieXIvTXJtL1l0akNaVldnYU9ZSWh3clh3S0xxUHIvMTFpbldzQWtmSXkKdHZIV1R4WllFY1hMZ0FYRnVVdWFTM3VGOWdFaU5Rd3pHVFUxdjBGcWtxVEJyNEI4blczSENONDdYVXUwdDhZMAplK2xmNHM0T3hRYXdXRDc5SjkvNWQzUnkwdmJWM0FtMUZ0R0ppSnZPd1JzSWZWQ2hEcFlTdFRjSFRDTXF0dldiClY2TDExQldrcHpHWFNXNEh2NDNxYStHU1lPRDJRVTY4TWI1OW9TazJPQitCdE9McEpvZm1iR0VHZ3Ztd3lDSTkKTXdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t",
+	RoleKey:   "admin",
+}
+
+var savePublicKeyTest = []struct {
+	setup   *ServerSetup
+	rawResp []byte
+	err     string
+}{
+	{
+		&ServerSetup{
+			Method:   "PUT",
+			Path:     "/.publickey/_doc/_public_key",
+			Body:     `{"public_key":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFuenlpczFaamZOQjBiQmdLRk1Tdgp2a1R0d2x2QnNhSnE3UzV3QStremVWT1ZwVld3a1dkVmhhNHMzOFhNL3BhL3lyNDdhdjcrejNWVG12RFJ5QUhjCmFUOTJ3aFJFRnBMdjljajVsVGVKU2lieXIvTXJtL1l0akNaVldnYU9ZSWh3clh3S0xxUHIvMTFpbldzQWtmSXkKdHZIV1R4WllFY1hMZ0FYRnVVdWFTM3VGOWdFaU5Rd3pHVFUxdjBGcWtxVEJyNEI4blczSENONDdYVXUwdDhZMAplK2xmNHM0T3hRYXdXRDc5SjkvNWQzUnkwdmJWM0FtMUZ0R0ppSnZPd1JzSWZWQ2hEcFlTdFRjSFRDTXF0dldiClY2TDExQldrcHpHWFNXNEh2NDNxYStHU1lPRDJRVTY4TWI1OW9TazJPQitCdE9McEpvZm1iR0VHZ3Ztd3lDSTkKTXdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t","role_key":"admin"}`,
+			Response: `{"_index":".publickey","_type":"doc","_id":"user1","_version":1,"found":true,"_source":{"public_key":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFuenlpczFaamZOQjBiQmdLRk1Tdgp2a1R0d2x2QnNhSnE3UzV3QStremVWT1ZwVld3a1dkVmhhNHMzOFhNL3BhL3lyNDdhdjcrejNWVG12RFJ5QUhjCmFUOTJ3aFJFRnBMdjljajVsVGVKU2lieXIvTXJtL1l0akNaVldnYU9ZSWh3clh3S0xxUHIvMTFpbldzQWtmSXkKdHZIV1R4WllFY1hMZ0FYRnVVdWFTM3VGOWdFaU5Rd3pHVFUxdjBGcWtxVEJyNEI4blczSENONDdYVXUwdDhZMAplK2xmNHM0T3hRYXdXRDc5SjkvNWQzUnkwdmJWM0FtMUZ0R0ppSnZPd1JzSWZWQ2hEcFlTdFRjSFRDTXF0dldiClY2TDExQldrcHpHWFNXNEh2NDNxYStHU1lPRDJRVTY4TWI1OW9TazJPQitCdE9McEpvZm1iR0VHZ3Ztd3lDSTkKTXdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t","role_key":"admin"}}`,
+		},
+		[]byte(`{"_index":".publickey","_type":"doc","_id":"user1","_version":1,"found":true,"_source":{"public_key":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFuenlpczFaamZOQjBiQmdLRk1Tdgp2a1R0d2x2QnNhSnE3UzV3QStremVWT1ZwVld3a1dkVmhhNHMzOFhNL3BhL3lyNDdhdjcrejNWVG12RFJ5QUhjCmFUOTJ3aFJFRnBMdjljajVsVGVKU2lieXIvTXJtL1l0akNaVldnYU9ZSWh3clh3S0xxUHIvMTFpbldzQWtmSXkKdHZIV1R4WllFY1hMZ0FYRnVVdWFTM3VGOWdFaU5Rd3pHVFUxdjBGcWtxVEJyNEI4blczSENONDdYVXUwdDhZMAplK2xmNHM0T3hRYXdXRDc5SjkvNWQzUnkwdmJWM0FtMUZ0R0ppSnZPd1JzSWZWQ2hEcFlTdFRjSFRDTXF0dldiClY2TDExQldrcHpHWFNXNEh2NDNxYStHU1lPRDJRVTY4TWI1OW9TazJPQitCdE9McEpvZm1iR0VHZ3Ztd3lDSTkKTXdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t","role_key":"admin"}}`),
+		"",
+	},
+}
+
+func TestSavePublicKey(t *testing.T) {
+	for _, tt := range savePublicKeyTest {
+		t.Run("savePublicKeyTest", func(t *testing.T) {
+			ts := buildTestServer(t, []*ServerSetup{tt.setup})
+			defer ts.Close()
+			es, _ := newStubClient(ts.URL, ".publickey", ".publickey")
+			_, err := es.savePublicKey(context.Background(), ".publickey",record)
+
+			if !compareErrs(tt.err, err) {
+				t.Fatalf("Cat aliases should have failed with error: %v got: %v instead\n", tt.err, err)
+			}
+		})
+	}
+}
+
+var getPublicKeyTest = []struct {
+	setup   *ServerSetup
+	rawResp []byte
+	err     string
+}{
+	{
+		&ServerSetup{
+			Method:   "GET",
+			Path:     "/.publickey/_doc/_public_key",
+			Body:    "",
+			Response: `{"_index":".publickey","_type":"doc","_id":"user1","_version":1,"found":true,"_source":{"public_key":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFuenlpczFaamZOQjBiQmdLRk1Tdgp2a1R0d2x2QnNhSnE3UzV3QStremVWT1ZwVld3a1dkVmhhNHMzOFhNL3BhL3lyNDdhdjcrejNWVG12RFJ5QUhjCmFUOTJ3aFJFRnBMdjljajVsVGVKU2lieXIvTXJtL1l0akNaVldnYU9ZSWh3clh3S0xxUHIvMTFpbldzQWtmSXkKdHZIV1R4WllFY1hMZ0FYRnVVdWFTM3VGOWdFaU5Rd3pHVFUxdjBGcWtxVEJyNEI4blczSENONDdYVXUwdDhZMAplK2xmNHM0T3hRYXdXRDc5SjkvNWQzUnkwdmJWM0FtMUZ0R0ppSnZPd1JzSWZWQ2hEcFlTdFRjSFRDTXF0dldiClY2TDExQldrcHpHWFNXNEh2NDNxYStHU1lPRDJRVTY4TWI1OW9TazJPQitCdE9McEpvZm1iR0VHZ3Ztd3lDSTkKTXdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t","role_key":"admin"}}`,
+		},
+		[]byte(`{"_index":".publickey","_type":"doc","_id":"user1","_version":1,"found":true,"_source":{"public_key":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFuenlpczFaamZOQjBiQmdLRk1Tdgp2a1R0d2x2QnNhSnE3UzV3QStremVWT1ZwVld3a1dkVmhhNHMzOFhNL3BhL3lyNDdhdjcrejNWVG12RFJ5QUhjCmFUOTJ3aFJFRnBMdjljajVsVGVKU2lieXIvTXJtL1l0akNaVldnYU9ZSWh3clh3S0xxUHIvMTFpbldzQWtmSXkKdHZIV1R4WllFY1hMZ0FYRnVVdWFTM3VGOWdFaU5Rd3pHVFUxdjBGcWtxVEJyNEI4blczSENONDdYVXUwdDhZMAplK2xmNHM0T3hRYXdXRDc5SjkvNWQzUnkwdmJWM0FtMUZ0R0ppSnZPd1JzSWZWQ2hEcFlTdFRjSFRDTXF0dldiClY2TDExQldrcHpHWFNXNEh2NDNxYStHU1lPRDJRVTY4TWI1OW9TazJPQitCdE9McEpvZm1iR0VHZ3Ztd3lDSTkKTXdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t","role_key":"admin"}}`),
+		"",
+	},
+}
+
+func TestGetPublicKey(t *testing.T) {
+	for _, tt := range getPublicKeyTest {
+		t.Run("getPublicKeyTest", func(t *testing.T) {
+			ts := buildTestServer(t, []*ServerSetup{tt.setup})
+			defer ts.Close()
+			es, _ := newStubClient(ts.URL, ".publickey", ".publickey")
+			_, err := es.getPublicKey(context.Background())
+			if !compareErrs(tt.err, err) {
+				t.Fatalf("Cat aliases should have failed with error: %v got: %v instead\n", tt.err, err)
+			}
+		})
+	}
+}
diff --git a/plugins/auth/middleware_test.go b/plugins/auth/middleware_test.go
index 4ef992b4..e74ef800 100644
--- a/plugins/auth/middleware_test.go
+++ b/plugins/auth/middleware_test.go
@@ -33,11 +33,14 @@ func (m *mockAuthService) getCredential(ctx context.Context, username string) (c
 	}
 }
 
+func (m *mockAuthService) createIndex(indexName, mapping string) (bool, error) {
+	args := m.Called(indexName, mapping)
+	return args.Bool(0), args.Error(1)
+}
 func (m *mockAuthService) putUser(ctx context.Context, u user.User) (bool, error) {
 	args := m.Called(ctx, u)
 	return args.Bool(0), args.Error(1)
 }
-
 func (m *mockAuthService) getUser(ctx context.Context, username string) (*user.User, error){
 	args := m.Called(ctx, username)
 	return args.Get(0).(*user.User), args.Error(1)
@@ -50,6 +53,10 @@ func (m *mockAuthService) putPermission(ctx context.Context, p permission.Permis
 	args := m.Called(ctx, p)
 	return args.Bool(0), args.Error(1)
 }
+func (m *mockAuthService) getPublicKey(ctx context.Context) (publicKey, error) {
+	args := m.Called(ctx)
+	return args.Get(0).(publicKey),args.Error(1)
+}
 func (m *mockAuthService) getPermission(ctx context.Context, username string) (*permission.Permission, error) {
 	args := m.Called(ctx, username)
 	return args.Get(0).(*permission.Permission), args.Error(1)
@@ -62,6 +69,10 @@ func (m *mockAuthService) getRawPermission(ctx context.Context, username string)
 	args := m.Called(ctx, username)
 	return args.Get(0).([]byte), args.Error(1)
 }
+func (m *mockAuthService) savePublicKey(ctx context.Context, indexName string, record publicKey) (interface{}, error) {
+	args := m.Called(ctx, indexName,record)
+	return  args.Get(0).(interface{}),args.Error(1)
+}
 
 func TestBasicAuthWithUserPasswordBasic(t *testing.T) {
 	hashedPassword, _ := bcrypt.GenerateFromPassword([]byte("bar"), bcrypt.DefaultCost)