diff --git a/apps/policy-engine/src/engine/__test__/e2e/tenant.spec.ts b/apps/policy-engine/src/engine/__test__/e2e/tenant.spec.ts
index a19cbd120..bc5d76a1e 100644
--- a/apps/policy-engine/src/engine/__test__/e2e/tenant.spec.ts
+++ b/apps/policy-engine/src/engine/__test__/e2e/tenant.spec.ts
@@ -1,9 +1,12 @@
 import { ConfigModule, ConfigService } from '@narval/config-module'
 import { EncryptionModuleOptionProvider } from '@narval/encryption-module'
+import { DataStoreConfiguration } from '@narval/policy-engine-shared'
+import { secp256k1PrivateKeyToJwk } from '@narval/signature'
 import { HttpStatus, INestApplication } from '@nestjs/common'
 import { Test, TestingModule } from '@nestjs/testing'
 import request from 'supertest'
 import { v4 as uuid } from 'uuid'
+import { generatePrivateKey } from 'viem/accounts'
 import { EngineService } from '../../../engine/core/service/engine.service'
 import { Config, load } from '../../../policy-engine.config'
 import {
@@ -29,6 +32,8 @@ describe('Tenant', () => {
   let tenantService: TenantService
   let engineService: EngineService
   let configService: ConfigService<Config>
+  let dataStoreConfiguration: DataStoreConfiguration
+  let createTenantPayload: CreateTenantDto
 
   const adminApiKey = 'test-admin-api-key'
 
@@ -36,17 +41,6 @@ describe('Tenant', () => {
 
   const dataStoreUrl = 'http://127.0.0.1:9999/test-data-store'
 
-  const dataStoreConfiguration = {
-    dataUrl: dataStoreUrl,
-    signatureUrl: dataStoreUrl
-  }
-
-  const createTenantPayload: CreateTenantDto = {
-    clientId,
-    entityDataStore: dataStoreConfiguration,
-    policyDataStore: dataStoreConfiguration
-  }
-
   beforeAll(async () => {
     module = await Test.createTestingModule({
       imports: [
@@ -73,6 +67,20 @@ describe('Tenant', () => {
     testPrismaService = module.get<TestPrismaService>(TestPrismaService)
     configService = module.get<ConfigService<Config>>(ConfigService)
 
+    const jwk = secp256k1PrivateKeyToJwk(generatePrivateKey())
+
+    dataStoreConfiguration = {
+      dataUrl: dataStoreUrl,
+      signatureUrl: dataStoreUrl,
+      keys: [jwk]
+    }
+
+    createTenantPayload = {
+      clientId,
+      entityDataStore: dataStoreConfiguration,
+      policyDataStore: dataStoreConfiguration
+    }
+
     await testPrismaService.truncateAll()
 
     await engineService.save({
@@ -108,14 +116,8 @@ describe('Tenant', () => {
         createdAt: expect.any(String),
         updatedAt: expect.any(String),
         dataStore: {
-          policy: {
-            ...dataStoreConfiguration,
-            keys: []
-          },
-          entity: {
-            ...dataStoreConfiguration,
-            keys: []
-          }
+          policy: dataStoreConfiguration,
+          entity: dataStoreConfiguration
         }
       })
       expect(body).toEqual({
diff --git a/apps/policy-engine/src/engine/http/rest/controller/tenant.controller.ts b/apps/policy-engine/src/engine/http/rest/controller/tenant.controller.ts
index 0d430410f..eccfa6811 100644
--- a/apps/policy-engine/src/engine/http/rest/controller/tenant.controller.ts
+++ b/apps/policy-engine/src/engine/http/rest/controller/tenant.controller.ts
@@ -20,14 +20,8 @@ export class TenantController {
       clientId: body.clientId || uuid(),
       clientSecret: randomBytes(42).toString('hex'),
       dataStore: {
-        entity: {
-          ...body.entityDataStore,
-          keys: []
-        },
-        policy: {
-          ...body.policyDataStore,
-          keys: []
-        }
+        entity: body.entityDataStore,
+        policy: body.policyDataStore
       },
       createdAt: now,
       updatedAt: now
diff --git a/apps/policy-engine/src/engine/http/rest/dto/create-tenant.dto.ts b/apps/policy-engine/src/engine/http/rest/dto/create-tenant.dto.ts
index e674b473c..61354a26c 100644
--- a/apps/policy-engine/src/engine/http/rest/dto/create-tenant.dto.ts
+++ b/apps/policy-engine/src/engine/http/rest/dto/create-tenant.dto.ts
@@ -1,24 +1,11 @@
-import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'
-import { Type } from 'class-transformer'
-import { IsDefined, IsString } from 'class-validator'
+import { dataStoreConfigurationSchema } from '@narval/policy-engine-shared'
+import { createZodDto } from 'nestjs-zod'
+import { z } from 'zod'
 
-class DataStoreConfigurationDto {
-  dataUrl: string
-  signatureUrl: string
-}
+const createTenantSchema = z.object({
+  clientId: z.string().optional(),
+  entityDataStore: dataStoreConfigurationSchema,
+  policyDataStore: dataStoreConfigurationSchema
+})
 
-export class CreateTenantDto {
-  @IsString()
-  @ApiPropertyOptional()
-  clientId?: string
-
-  @IsDefined()
-  @Type(() => DataStoreConfigurationDto)
-  @ApiProperty()
-  entityDataStore: DataStoreConfigurationDto
-
-  @IsDefined()
-  @Type(() => DataStoreConfigurationDto)
-  @ApiProperty()
-  policyDataStore: DataStoreConfigurationDto
-}
+export class CreateTenantDto extends createZodDto(createTenantSchema) {}