diff --git a/internal/httputil/signer.go b/internal/httputil/signer.go
index d13589e4a7..59db9f7e23 100644
--- a/internal/httputil/signer.go
+++ b/internal/httputil/signer.go
@@ -76,6 +76,9 @@ func (s *Signer) Add(ctx context.Context, uri string) error {
 	if err != nil {
 		return err
 	}
+	if s.use == nil {
+		return errors.New("authority map not initialized, perhaps missing auth section in config")
+	}
 	a := u.Host
 	s.use[a] = struct{}{}
 	return nil
diff --git a/internal/httputil/signer_test.go b/internal/httputil/signer_test.go
new file mode 100644
index 0000000000..27b589c0c0
--- /dev/null
+++ b/internal/httputil/signer_test.go
@@ -0,0 +1,25 @@
+package httputil
+
+import (
+	"context"
+	"github.com/quay/clair/config"
+	"github.com/quay/zlog"
+	"gopkg.in/square/go-jose.v2/jwt"
+	"testing"
+)
+
+func TestNewSigner(t *testing.T) {
+	ctx := zlog.Test(context.Background(), t)
+	cfg := config.Config{}
+	signer, err := NewSigner(ctx, &cfg, jwt.Claims{})
+	if err != nil {
+		t.Error("signer initialization with empty config should succeed")
+	}
+	if signer.use != nil {
+		t.Error("signed request authority map should be non-initialized")
+	}
+	err = signer.Add(ctx, "http://test-url")
+	if err == nil {
+		t.Error("Adding host to non-initialized signed request authority map should fail")
+	}
+}