diff --git a/pkg/provider/yandex/lockbox/client/fake/fake.go b/pkg/provider/yandex/lockbox/client/fake/fake.go
index c6764dddc..b0cd5f202 100644
--- a/pkg/provider/yandex/lockbox/client/fake/fake.go
+++ b/pkg/provider/yandex/lockbox/client/fake/fake.go
@@ -19,6 +19,7 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/google/uuid"
 	"github.com/yandex-cloud/go-genproto/yandex/cloud/lockbox/v1"
 	"github.com/yandex-cloud/go-sdk/iamkey"
@@ -143,7 +144,7 @@ func (lb *LockboxBackend) getEntries(iamToken, secretID, versionID string) ([]*l
 	if lb.tokenMap[tokenKey{iamToken}].expiresAt.Before(lb.now) {
 		return nil, fmt.Errorf("iam token expired")
 	}
-	if !cmp.Equal(lb.tokenMap[tokenKey{iamToken}].authorizedKey, lb.secretMap[secretKey{secretID}].expectedAuthorizedKey) {
+	if !cmp.Equal(lb.tokenMap[tokenKey{iamToken}].authorizedKey, lb.secretMap[secretKey{secretID}].expectedAuthorizedKey, cmpopts.IgnoreUnexported(iamkey.Key{})) {
 		return nil, fmt.Errorf("permission denied")
 	}
 
diff --git a/pkg/provider/yandex/lockbox/lockbox_test.go b/pkg/provider/yandex/lockbox/lockbox_test.go
index 0f032c818..f142950ea 100644
--- a/pkg/provider/yandex/lockbox/lockbox_test.go
+++ b/pkg/provider/yandex/lockbox/lockbox_test.go
@@ -101,7 +101,7 @@ func TestNewClient(t *testing.T) {
 	err = createK8sSecret(ctx, k8sClient, namespace, caCertificateSecretName, caCertificateSecretKey, newFakeCACertificate())
 	tassert.Nil(t, err)
 	secretClient, err = provider.NewClient(context.Background(), store, k8sClient, namespace)
-	tassert.EqualError(t, err, "failed to create Yandex Lockbox client: private key parsing failed: Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key")
+	tassert.EqualError(t, err, "failed to create Yandex Lockbox client: private key parsing failed: invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
 	tassert.Nil(t, secretClient)
 }