diff --git a/tough/src/sign.rs b/tough/src/sign.rs
index 848fa725..46acf715 100644
--- a/tough/src/sign.rs
+++ b/tough/src/sign.rs
@@ -175,11 +175,9 @@ pub fn decrypt_key(
     let decrypted_private_key_document =
         encrypted_private_key_document.decrypt(password.as_bytes())?;
     let decrypted_key_bytes: Vec<u8> = decrypted_private_key_document.as_ref().to_vec();
-    let decrypted_key_base64 = STANDARD.encode(&decrypted_key_bytes);
-    let pem_key = format!(
-        "-----BEGIN PRIVATE KEY-----\n{}\n-----END PRIVATE KEY-----",
-        decrypted_key_base64
-    );
+    let decrypted_key_base64 = STANDARD.encode(decrypted_key_bytes);
+    let pem_key =
+        format!("-----BEGIN PRIVATE KEY-----\n{decrypted_key_base64}\n-----END PRIVATE KEY-----");
     let pem_key_bytes = pem_key.as_bytes().to_vec();
     Ok(pem_key_bytes)
 }
diff --git a/tuftool/src/error.rs b/tuftool/src/error.rs
index 11e399f2..663c850c 100644
--- a/tuftool/src/error.rs
+++ b/tuftool/src/error.rs
@@ -356,7 +356,7 @@ pub(crate) enum Error {
         source: tokio::task::JoinError,
         backtrace: Backtrace,
     },
-    
+
     #[snafu(display("More passwords provided than key sources"))]
     MorePasswords { backtrace: Backtrace },
 
diff --git a/tuftool/src/root.rs b/tuftool/src/root.rs
index 8e88976d..615ea9f7 100644
--- a/tuftool/src/root.rs
+++ b/tuftool/src/root.rs
@@ -178,10 +178,7 @@ impl Command {
             } => {
                 let mut keys = Vec::new();
                 let default_password = String::new();
-                let passwords = match passwords {
-                    Some(pws) => pws,
-                    None => vec![],
-                };
+                let passwords = passwords.unwrap_or_default();
                 if passwords.len() > key_sources.len() {
                     error::MorePasswordsSnafu.fail()?;
                 }