diff --git a/authority/authority.go b/authority/authority.go
index 84c0d27a5..c112bc257 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -8,7 +8,6 @@ import (
 "crypto/sha256"
 "crypto/x509"
 "encoding/hex"
- "io"
 "log"
 "net/http"
 "strings"
@@ -972,31 +971,3 @@ func (a *Authority) startCRLGenerator() error {
 return nil
 }
-
-type instrumentedKeyManager struct {
- kms.KeyManager
- meter Meter
-}
-
-func (i *instrumentedKeyManager) CreateSigner(req *kmsapi.CreateSignerRequest) (s crypto.Signer, err error) {
- if s, err = i.KeyManager.CreateSigner(req); err == nil {
- s = &instrumentedKMSSigner{s, i.meter}
- }
-
- return
-}
-
-type instrumentedKMSSigner struct {
- crypto.Signer
- meter Meter
-}
-
-func (i *instrumentedKMSSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
- s, err := i.Signer.Sign(rand, digest, opts)
- defer i.meter.KMSSigned(err)
-
- if err != nil {
- return nil, err
- }
- return s, nil
-}
diff --git a/authority/meter.go b/authority/meter.go
index 6dec209ed..f8e38635f 100644
--- a/authority/meter.go
+++ b/authority/meter.go
@@ -1,6 +1,14 @@
 package authority
-import "github.com/smallstep/certificates/authority/provisioner"
+import (
+ "crypto"
+ "io"
+
+ "go.step.sm/crypto/kms"
+ kmsapi "go.step.sm/crypto/kms/apiv1"
+
+ "github.com/smallstep/certificates/authority/provisioner"
+)
 // Meter wraps the set of defined callbacks for metrics gatherers.
 type Meter interface {
@@ -52,3 +60,31 @@ func (noopMeter) X509Signed(provisioner.Interface, error) {}
 func (noopMeter) X509WebhookAuthorized(provisioner.Interface, error) {}
 func (noopMeter) X509WebhookEnriched(provisioner.Interface, error) {}
 func (noopMeter) KMSSigned(error) {}
+
+type instrumentedKeyManager struct {
+ kms.KeyManager
+ meter Meter
+}
+
+func (i *instrumentedKeyManager) CreateSigner(req *kmsapi.CreateSignerRequest) (s crypto.Signer, err error) {
+ if s, err = i.KeyManager.CreateSigner(req); err == nil {
+ s = &instrumentedKMSSigner{s, i.meter}
+ }
+
+ return
+}
+
+type instrumentedKMSSigner struct {
+ crypto.Signer
+ meter Meter
+}
+
+func (i *instrumentedKMSSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
+ s, err := i.Signer.Sign(rand, digest, opts)
+ defer i.meter.KMSSigned(err)
+
+ if err != nil {
+ return nil, err
+ }
+ return s, nil
+}
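Review bot: `instrumentedKMSSigner` embeds `crypto.Signer` as an interface, so the value returned by `CreateSigner` exposes only `Public` and `Sign`; any optional interface the KMS-backed signer also implements (for example `crypto.Decrypter`) can no longer be reached by type assertion once the manager is wrapped, and the same narrowing applies to `instrumentedKeyManager` around `kms.KeyManager`. Whether any caller relies on such an assertion is not visible in this diff, so the limitation should at least be documented on both types, e.g. `// instrumentedKMSSigner forwards only crypto.Signer; optional interfaces of the wrapped signer are not exposed.` In `Sign`, `defer i.meter.KMSSigned(err)` captures `err` when the defer statement runs, which is correct here only because `err` is already assigned; a plain `i.meter.KMSSigned(err)` before the `if` states the intent without that subtlety.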