diff --git a/crates/tests/src/keyfork/derive/openpgp.rs b/crates/tests/src/keyfork/derive/openpgp.rs
index eeca3c6..6b72f77 100644
--- a/crates/tests/src/keyfork/derive/openpgp.rs
+++ b/crates/tests/src/keyfork/derive/openpgp.rs
@@ -7,50 +7,55 @@ use openpgp::{
     types::KeyFlags,
     Cert,
 };
+use keyforkd::test_util::{run_test, Panicable};
 
 const KEYFORK_BIN: &str = "keyfork";
 
 #[test]
 fn test() {
-    let policy = StandardPolicy::new();
+    run_test(b"AAAA", |_| {
+        let policy = StandardPolicy::new();
+        let command_output = Command::cargo_bin(KEYFORK_BIN)
+            .unwrap()
+            .args([
+                "derive",
+                "openpgp",
+                "--to-stdout",
+                "Ryan Heywood (RyanSquared) <ryan@distrust.co>",
+            ])
+            .assert()
+            .success();
 
-    let command_output = Command::cargo_bin(KEYFORK_BIN)
-        .unwrap()
-        .args([
-            "derive",
-            "openpgp",
-            "Ryan Heywood (RyanSquared) <ryan@distrust.co>",
-        ])
-        .assert()
-        .success();
+        let packets = PacketParser::from_bytes(&command_output.get_output().stdout).unwrap();
+        let cert = Cert::try_from(packets).unwrap();
 
-    let packets = PacketParser::from_bytes(&command_output.get_output().stdout).unwrap();
-    let cert = Cert::try_from(packets).unwrap();
-
-    // assert the cert contains _any_ secret key data
-    assert!(
-        cert.is_tsk(),
-        "exported key should contain secret key data, indicated by the key being a TSK"
-    );
-
-    // assert the correct keys were added in the correct order
-    let mut key_formats = std::collections::HashSet::from([
-        KeyFlags::empty().set_certification(),
-        KeyFlags::empty().set_signing(),
-        KeyFlags::empty()
-            .set_transport_encryption()
-            .set_storage_encryption(),
-        KeyFlags::empty().set_authentication(),
-    ]);
-    let valid_cert = cert.with_policy(&policy, None).unwrap();
-    for key in valid_cert.keys() {
-        let flags = key.key_flags().unwrap();
+        // assert the cert contains _any_ secret key data
         assert!(
-            key_formats.remove(&flags),
-            "could not find key flag set: {flags:?}"
+            cert.is_tsk(),
+            "exported key should contain secret key data, indicated by the key being a TSK"
         );
-        key.alive().expect("is live after being generated");
-        key.parts_into_secret().expect("has secret keys");
-    }
-    assert!(key_formats.is_empty(), "remaining key formats: {key_formats:?}");
+
+        // assert the correct keys were added in the correct order
+        let mut key_formats = std::collections::HashSet::from([
+            KeyFlags::empty().set_certification(),
+            KeyFlags::empty().set_signing(),
+            KeyFlags::empty()
+                .set_transport_encryption()
+                .set_storage_encryption(),
+            KeyFlags::empty().set_authentication(),
+        ]);
+        let valid_cert = cert.with_policy(&policy, None).unwrap();
+        for key in valid_cert.keys() {
+            let flags = key.key_flags().unwrap();
+            assert!(
+                key_formats.remove(&flags),
+                "could not find key flag set: {flags:?}"
+            );
+            key.alive().expect("is live after being generated");
+            key.parts_into_secret().expect("has secret keys");
+        }
+        assert!(key_formats.is_empty(), "remaining key formats: {key_formats:?}");
+
+        Panicable::Ok(())
+    }).unwrap();
 }