diff --git a/apps/devtool/src/app/_hooks/useAccountSignature.tsx b/apps/devtool/src/app/_hooks/useAccountSignature.tsx
index 486b9ffec..e247749ea 100644
--- a/apps/devtool/src/app/_hooks/useAccountSignature.tsx
+++ b/apps/devtool/src/app/_hooks/useAccountSignature.tsx
@@ -54,7 +54,7 @@ const useAccountSignature = () => {
       htm: 'POST',
       uri: 'https://armory.narval.xyz/sign',
       created: new Date().getTime(),
-      ath: hexToBase64Url(`0x${hash(accessToken)}`)
+      ath: hexToBase64Url(hash(accessToken))
     }
 
     const signature = await signJwsd(payload, jwsdHeader, signer).then((jws) => {
diff --git a/apps/policy-engine/src/engine/__test__/e2e/client.spec.ts b/apps/policy-engine/src/engine/__test__/e2e/client.spec.ts
index cba281b87..c2c65ab30 100644
--- a/apps/policy-engine/src/engine/__test__/e2e/client.spec.ts
+++ b/apps/policy-engine/src/engine/__test__/e2e/client.spec.ts
@@ -111,7 +111,8 @@ describe('Client', () => {
         .send(createClientPayload)
 
       const actualClient = await clientRepository.findByClientId(clientId)
-      const actualPublicKey = secp256k1PrivateKeyToPublicJwk(privateKeyToHex(actualClient?.signer.key as PrivateKey))
+      const hex = await privateKeyToHex(actualClient?.signer.key as PrivateKey)
+      const actualPublicKey = secp256k1PrivateKeyToPublicJwk(hex)
 
       expect(body).toEqual({
         ...actualClient,
diff --git a/apps/policy-engine/src/engine/core/service/engine-signer-config.service.ts b/apps/policy-engine/src/engine/core/service/engine-signer-config.service.ts
index b3159dcef..63da1f173 100644
--- a/apps/policy-engine/src/engine/core/service/engine-signer-config.service.ts
+++ b/apps/policy-engine/src/engine/core/service/engine-signer-config.service.ts
@@ -19,8 +19,9 @@ export class EngineSignerConfigService {
 
   async getPublicJwkOrThrow(): Promise<PublicKey> {
     const signerConfig = await this.getSignerConfigOrThrow()
+    const hex = await privateKeyToHex(signerConfig.key)
 
-    return secp256k1PrivateKeyToPublicJwk(privateKeyToHex(signerConfig.key))
+    return secp256k1PrivateKeyToPublicJwk(hex)
   }
 
   async getSignerConfigOrThrow(): Promise<SignerConfig> {
diff --git a/apps/policy-engine/src/engine/http/rest/controller/client.controller.ts b/apps/policy-engine/src/engine/http/rest/controller/client.controller.ts
index 65281f4e6..e1a8f47d4 100644
--- a/apps/policy-engine/src/engine/http/rest/controller/client.controller.ts
+++ b/apps/policy-engine/src/engine/http/rest/controller/client.controller.ts
@@ -33,7 +33,9 @@ export class ClientController {
       updatedAt: now
     })
 
-    const publicKey = secp256k1PrivateKeyToPublicJwk(privateKeyToHex(client.signer.key))
+    const hex = await privateKeyToHex(client.signer.key)
+
+    const publicKey = secp256k1PrivateKeyToPublicJwk(hex)
 
     return {
       ...client,