diff --git a/services/crypto/crypto.c b/services/crypto/crypto.c
index 2e13f67bb9d..063d8a0ac38 100644
--- a/services/crypto/crypto.c
+++ b/services/crypto/crypto.c
@@ -6,10 +6,11 @@
 #include "memset_s.h"
 
 #define CRYPTO_KEY_SLOT (2)
-#define CRYPTO_VERIFY_KEY "FFF_Crypto_pass"
 #define CRYPTO_VERIFY_KEY_LENGTH (16)
 #define CRYPTO_ALIGNMENT_FACTOR (16)
 
+static const char* CRYPTO_VERIFY_KEY = "FFF_Crypto_pass";
+
 uint8_t* totp_crypto_encrypt(
     const uint8_t* plain_data,
     const size_t plain_data_length,
@@ -104,7 +105,7 @@ CryptoSeedIVResult
         plugin_state->crypto_verify_data_length = CRYPTO_VERIFY_KEY_LENGTH;
 
         plugin_state->crypto_verify_data = totp_crypto_encrypt(
-            (uint8_t*)CRYPTO_VERIFY_KEY,
+            (const uint8_t*)CRYPTO_VERIFY_KEY,
             CRYPTO_VERIFY_KEY_LENGTH,
             &plugin_state->iv[0],
             &plugin_state->crypto_verify_data_length);
@@ -119,7 +120,7 @@ CryptoSeedIVResult
 
 bool totp_crypto_verify_key(const PluginState* plugin_state) {
     size_t decrypted_key_length;
-    const uint8_t* decrypted_key = totp_crypto_decrypt(
+    uint8_t* decrypted_key = totp_crypto_decrypt(
         plugin_state->crypto_verify_data,
         plugin_state->crypto_verify_data_length,
         &plugin_state->iv[0],
@@ -130,5 +131,7 @@ bool totp_crypto_verify_key(const PluginState* plugin_state) {
         if(decrypted_key[i] != CRYPTO_VERIFY_KEY[i]) key_valid = false;
     }
 
+    free(decrypted_key);
+
     return key_valid;
 }
\ No newline at end of file