diff --git a/internal/kms/aws_metadata_test.go b/internal/kms/aws_metadata_test.go
index 4b7078817..36313ca50 100644
--- a/internal/kms/aws_metadata_test.go
+++ b/internal/kms/aws_metadata_test.go
@@ -19,11 +19,11 @@ package kms
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestAWSMetadataKMSRegistered(t *testing.T) {
 	t.Parallel()
 	_, ok := kmsManager.providers[kmsTypeAWSMetadata]
-	assert.True(t, ok)
+	require.True(t, ok)
 }
diff --git a/internal/kms/aws_sts_metadata_test.go b/internal/kms/aws_sts_metadata_test.go
index 853e1716d..83ae16a7d 100644
--- a/internal/kms/aws_sts_metadata_test.go
+++ b/internal/kms/aws_sts_metadata_test.go
@@ -19,11 +19,11 @@ package kms
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestAWSSTSMetadataKMSRegistered(t *testing.T) {
 	t.Parallel()
 	_, ok := kmsManager.providers[kmsTypeAWSSTSMetadata]
-	assert.True(t, ok)
+	require.True(t, ok)
 }
diff --git a/internal/kms/azure_vault_test.go b/internal/kms/azure_vault_test.go
index 3b8960c3e..58a976fec 100644
--- a/internal/kms/azure_vault_test.go
+++ b/internal/kms/azure_vault_test.go
@@ -19,11 +19,11 @@ package kms
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestAzureKMSRegistered(t *testing.T) {
 	t.Parallel()
 	_, ok := kmsManager.providers[kmsTypeAzure]
-	assert.True(t, ok)
+	require.True(t, ok)
 }
diff --git a/internal/kms/keyprotect_test.go b/internal/kms/keyprotect_test.go
index 87ba1fc8f..bdeb8ab15 100644
--- a/internal/kms/keyprotect_test.go
+++ b/internal/kms/keyprotect_test.go
@@ -19,11 +19,11 @@ package kms
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestKeyProtectMetadataKMSRegistered(t *testing.T) {
 	t.Parallel()
 	_, ok := kmsManager.providers[kmsTypeKeyProtectMetadata]
-	assert.True(t, ok)
+	require.True(t, ok)
 }
diff --git a/internal/kms/kmip_test.go b/internal/kms/kmip_test.go
index 8a558ed4b..778577352 100644
--- a/internal/kms/kmip_test.go
+++ b/internal/kms/kmip_test.go
@@ -19,11 +19,11 @@ package kms
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestKMIPKMSRegistered(t *testing.T) {
 	t.Parallel()
 	_, ok := kmsManager.providers[kmsTypeKMIP]
-	assert.True(t, ok)
+	require.True(t, ok)
 }
diff --git a/internal/kms/kms_test.go b/internal/kms/kms_test.go
index ec3452897..acf905903 100644
--- a/internal/kms/kms_test.go
+++ b/internal/kms/kms_test.go
@@ -19,7 +19,7 @@ package kms
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func noinitKMS(args ProviderInitArgs) (EncryptionKMS, error) {
@@ -47,9 +47,9 @@ func TestRegisterProvider(t *testing.T) {
 	for _, test := range tests {
 		provider := test.provider
 		if test.panics {
-			assert.Panics(t, func() { RegisterProvider(provider) })
+			require.Panics(t, func() { RegisterProvider(provider) })
 		} else {
-			assert.True(t, RegisterProvider(provider))
+			require.True(t, RegisterProvider(provider))
 		}
 	}
 }
diff --git a/internal/kms/kms_util_test.go b/internal/kms/kms_util_test.go
index 5682dded4..d76eb7cef 100644
--- a/internal/kms/kms_util_test.go
+++ b/internal/kms/kms_util_test.go
@@ -20,7 +20,7 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestSetConfigInt(t *testing.T) {
@@ -81,7 +81,7 @@ func TestSetConfigInt(t *testing.T) {
 				t.Errorf("setConfigInt() error = %v, wantErr %v", err, currentTT.err)
 			}
 			if err != nil {
-				assert.NotEqual(t, currentTT.value, currentTT.args.option)
+				require.NotEqual(t, currentTT.value, currentTT.args.option)
 			}
 		})
 	}
diff --git a/internal/kms/secretskms_test.go b/internal/kms/secretskms_test.go
index 3845d76f0..757504b5c 100644
--- a/internal/kms/secretskms_test.go
+++ b/internal/kms/secretskms_test.go
@@ -20,7 +20,6 @@ import (
 	"context"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -32,24 +31,24 @@ func TestNewSecretsKMS(t *testing.T) {
 	kms, err := newSecretsKMS(ProviderInitArgs{
 		Secrets: secrets,
 	})
-	assert.Error(t, err)
-	assert.Nil(t, kms)
+	require.Error(t, err)
+	require.Nil(t, kms)
 
 	// set a passphrase and it should pass
 	secrets[encryptionPassphraseKey] = "plaintext encryption key"
 	kms, err = newSecretsKMS(ProviderInitArgs{
 		Secrets: secrets,
 	})
-	assert.NotNil(t, kms)
-	assert.NoError(t, err)
+	require.NotNil(t, kms)
+	require.NoError(t, err)
 }
 
 func TestGenerateNonce(t *testing.T) {
 	t.Parallel()
 	size := 64
 	nonce, err := generateNonce(size)
-	assert.Equal(t, size, len(nonce))
-	assert.NoError(t, err)
+	require.Len(t, nonce, size)
+	require.NoError(t, err)
 }
 
 func TestGenerateCipher(t *testing.T) {
@@ -59,8 +58,8 @@ func TestGenerateCipher(t *testing.T) {
 	salt := "unique-id-for-the-volume"
 
 	aead, err := generateCipher(passphrase, salt)
-	assert.NoError(t, err)
-	assert.NotNil(t, aead)
+	require.NoError(t, err)
+	require.NotNil(t, aead)
 }
 
 func TestInitSecretsMetadataKMS(t *testing.T) {
@@ -73,16 +72,16 @@ func TestInitSecretsMetadataKMS(t *testing.T) {
 
 	// passphrase it not set, init should fail
 	kms, err := initSecretsMetadataKMS(args)
-	assert.Error(t, err)
-	assert.Nil(t, kms)
+	require.Error(t, err)
+	require.Nil(t, kms)
 
 	// set a passphrase to get a working KMS
 	args.Secrets[encryptionPassphraseKey] = "my-passphrase-from-kubernetes"
 
 	kms, err = initSecretsMetadataKMS(args)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	require.NotNil(t, kms)
-	assert.Equal(t, DEKStoreMetadata, kms.RequiresDEKStore())
+	require.Equal(t, DEKStoreMetadata, kms.RequiresDEKStore())
 }
 
 func TestWorkflowSecretsMetadataKMS(t *testing.T) {
@@ -98,7 +97,7 @@ func TestWorkflowSecretsMetadataKMS(t *testing.T) {
 	volumeID := "csi-vol-1b00f5f8-b1c1-11e9-8421-9243c1f659f0"
 
 	kms, err := initSecretsMetadataKMS(args)
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	require.NotNil(t, kms)
 
 	// plainDEK is the (LUKS) passphrase for the volume
@@ -107,25 +106,25 @@ func TestWorkflowSecretsMetadataKMS(t *testing.T) {
 	ctx := context.TODO()
 
 	encryptedDEK, err := kms.EncryptDEK(ctx, volumeID, plainDEK)
-	assert.NoError(t, err)
-	assert.NotEqual(t, "", encryptedDEK)
-	assert.NotEqual(t, plainDEK, encryptedDEK)
+	require.NoError(t, err)
+	require.NotEqual(t, "", encryptedDEK)
+	require.NotEqual(t, plainDEK, encryptedDEK)
 
 	// with an incorrect volumeID, decrypting should fail
 	decryptedDEK, err := kms.DecryptDEK(ctx, "incorrect-volumeID", encryptedDEK)
-	assert.Error(t, err)
-	assert.Equal(t, "", decryptedDEK)
-	assert.NotEqual(t, plainDEK, decryptedDEK)
+	require.Error(t, err)
+	require.Equal(t, "", decryptedDEK)
+	require.NotEqual(t, plainDEK, decryptedDEK)
 
 	// with the right volumeID, decrypting should return the plainDEK
 	decryptedDEK, err = kms.DecryptDEK(ctx, volumeID, encryptedDEK)
-	assert.NoError(t, err)
-	assert.NotEqual(t, "", decryptedDEK)
-	assert.Equal(t, plainDEK, decryptedDEK)
+	require.NoError(t, err)
+	require.NotEqual(t, "", decryptedDEK)
+	require.Equal(t, plainDEK, decryptedDEK)
 }
 
 func TestSecretsMetadataKMSRegistered(t *testing.T) {
 	t.Parallel()
 	_, ok := kmsManager.providers[kmsTypeSecretsMetadata]
-	assert.True(t, ok)
+	require.True(t, ok)
 }
diff --git a/internal/kms/vault_sa_test.go b/internal/kms/vault_sa_test.go
index 537bc2049..e3b119b6b 100644
--- a/internal/kms/vault_sa_test.go
+++ b/internal/kms/vault_sa_test.go
@@ -20,13 +20,13 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestVaultTenantSAKMSRegistered(t *testing.T) {
 	t.Parallel()
 	_, ok := kmsManager.providers[kmsTypeVaultTenantSA]
-	assert.True(t, ok)
+	require.True(t, ok)
 }
 
 func TestTenantSAParseConfig(t *testing.T) {
diff --git a/internal/kms/vault_test.go b/internal/kms/vault_test.go
index 70abbbb2c..6a059d815 100644
--- a/internal/kms/vault_test.go
+++ b/internal/kms/vault_test.go
@@ -22,7 +22,6 @@ import (
 	"testing"
 
 	loss "github.com/libopenstorage/secrets"
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -113,8 +112,8 @@ func TestDefaultVaultDestroyKeys(t *testing.T) {
 	require.NoError(t, err)
 	keyContext := vc.getDeleteKeyContext()
 	destroySecret, ok := keyContext[loss.DestroySecret]
-	assert.NotEqual(t, destroySecret, "")
-	assert.True(t, ok)
+	require.NotEqual(t, "", destroySecret)
+	require.True(t, ok)
 
 	// setting vaultDestroyKeys to !true should remove the loss.DestroySecret entry
 	config["vaultDestroyKeys"] = "false"
@@ -122,11 +121,11 @@ func TestDefaultVaultDestroyKeys(t *testing.T) {
 	require.NoError(t, err)
 	keyContext = vc.getDeleteKeyContext()
 	_, ok = keyContext[loss.DestroySecret]
-	assert.False(t, ok)
+	require.False(t, ok)
 }
 
 func TestVaultKMSRegistered(t *testing.T) {
 	t.Parallel()
 	_, ok := kmsManager.providers[kmsTypeVault]
-	assert.True(t, ok)
+	require.True(t, ok)
 }
diff --git a/internal/kms/vault_tokens_test.go b/internal/kms/vault_tokens_test.go
index 404d3d035..b14f1c249 100644
--- a/internal/kms/vault_tokens_test.go
+++ b/internal/kms/vault_tokens_test.go
@@ -25,7 +25,6 @@ import (
 
 	"github.com/hashicorp/vault/api"
 	loss "github.com/libopenstorage/secrets"
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -205,18 +204,18 @@ func TestTransformConfig(t *testing.T) {
 
 	config, err := transformConfig(cm)
 	require.NoError(t, err)
-	assert.Equal(t, config["encryptionKMSType"], cm["KMS_PROVIDER"])
-	assert.Equal(t, config["vaultAddress"], cm["VAULT_ADDR"])
-	assert.Equal(t, config["vaultBackend"], cm["VAULT_BACKEND"])
-	assert.Equal(t, config["vaultBackendPath"], cm["VAULT_BACKEND_PATH"])
-	assert.Equal(t, config["vaultDestroyKeys"], cm["VAULT_DESTROY_KEYS"])
-	assert.Equal(t, config["vaultCAFromSecret"], cm["VAULT_CACERT"])
-	assert.Equal(t, config["vaultTLSServerName"], cm["VAULT_TLS_SERVER_NAME"])
-	assert.Equal(t, config["vaultClientCertFromSecret"], cm["VAULT_CLIENT_CERT"])
-	assert.Equal(t, config["vaultClientCertKeyFromSecret"], cm["VAULT_CLIENT_KEY"])
-	assert.Equal(t, config["vaultAuthNamespace"], cm["VAULT_AUTH_NAMESPACE"])
-	assert.Equal(t, config["vaultNamespace"], cm["VAULT_NAMESPACE"])
-	assert.Equal(t, config["vaultCAVerify"], "false")
+	require.Equal(t, cm["KMS_PROVIDER"], config["encryptionKMSType"])
+	require.Equal(t, cm["VAULT_ADDR"], config["vaultAddress"])
+	require.Equal(t, cm["VAULT_BACKEND"], config["vaultBackend"])
+	require.Equal(t, cm["VAULT_BACKEND_PATH"], config["vaultBackendPath"])
+	require.Equal(t, cm["VAULT_DESTROY_KEYS"], config["vaultDestroyKeys"])
+	require.Equal(t, cm["VAULT_CACERT"], config["vaultCAFromSecret"])
+	require.Equal(t, cm["VAULT_TLS_SERVER_NAME"], config["vaultTLSServerName"])
+	require.Equal(t, cm["VAULT_CLIENT_CERT"], config["vaultClientCertFromSecret"])
+	require.Equal(t, cm["VAULT_CLIENT_KEY"], config["vaultClientCertKeyFromSecret"])
+	require.Equal(t, cm["VAULT_AUTH_NAMESPACE"], config["vaultAuthNamespace"])
+	require.Equal(t, cm["VAULT_NAMESPACE"], config["vaultNamespace"])
+	require.Equal(t, "false", config["vaultCAVerify"])
 }
 
 func TestTransformConfigDefaults(t *testing.T) {
@@ -226,15 +225,15 @@ func TestTransformConfigDefaults(t *testing.T) {
 
 	config, err := transformConfig(cm)
 	require.NoError(t, err)
-	assert.Equal(t, config["encryptionKMSType"], cm["KMS_PROVIDER"])
-	assert.Equal(t, config["vaultDestroyKeys"], vaultDefaultDestroyKeys)
-	assert.Equal(t, config["vaultCAVerify"], strconv.FormatBool(vaultDefaultCAVerify))
+	require.Equal(t, cm["KMS_PROVIDER"], config["encryptionKMSType"])
+	require.Equal(t, vaultDefaultDestroyKeys, config["vaultDestroyKeys"])
+	require.Equal(t, strconv.FormatBool(vaultDefaultCAVerify), config["vaultCAVerify"])
 }
 
 func TestVaultTokensKMSRegistered(t *testing.T) {
 	t.Parallel()
 	_, ok := kmsManager.providers[kmsTypeVaultTokens]
-	assert.True(t, ok)
+	require.True(t, ok)
 }
 
 func TestSetTenantAuthNamespace(t *testing.T) {
@@ -259,7 +258,7 @@ func TestSetTenantAuthNamespace(t *testing.T) {
 
 		kms.setTenantAuthNamespace(config)
 
-		assert.Equal(tt, vaultNamespace, config["vaultAuthNamespace"])
+		require.Equal(tt, vaultNamespace, config["vaultAuthNamespace"])
 	})
 
 	t.Run("inherit vaultAuthNamespace", func(tt *testing.T) {
@@ -283,7 +282,7 @@ func TestSetTenantAuthNamespace(t *testing.T) {
 
 		// when inheriting from the global config, the config of the
 		// tenant should not have vaultAuthNamespace configured
-		assert.Equal(tt, nil, config["vaultAuthNamespace"])
+		require.Nil(tt, config["vaultAuthNamespace"])
 	})
 
 	t.Run("unset vaultAuthNamespace", func(tt *testing.T) {
@@ -306,7 +305,7 @@ func TestSetTenantAuthNamespace(t *testing.T) {
 		// global vaultAuthNamespace is not set, tenant
 		// vaultAuthNamespace will be configured as vaultNamespace by
 		// default
-		assert.Equal(tt, nil, config["vaultAuthNamespace"])
+		require.Nil(tt, config["vaultAuthNamespace"])
 	})
 
 	t.Run("no vaultNamespace", func(tt *testing.T) {
@@ -326,6 +325,6 @@ func TestSetTenantAuthNamespace(t *testing.T) {
 
 		kms.setTenantAuthNamespace(config)
 
-		assert.Equal(tt, nil, config["vaultAuthNamespace"])
+		require.Nil(tt, config["vaultAuthNamespace"])
 	})
 }