diff --git a/go.mod b/go.mod
index 8feafe8624..4ce1d09e10 100644
--- a/go.mod
+++ b/go.mod
@@ -92,7 +92,7 @@ require github.com/hashicorp/go-dbw v0.0.0-20220412153211-c470aec9369f // this i
 require (
 github.com/DATA-DOG/go-sqlmock v1.5.0
 github.com/hashicorp/go-kms-wrapping/extras/kms/v2 v2.0.0-20220515130442-cac0b5ac133b
- github.com/hashicorp/nodeenrollment v0.0.0-20220603150451-f3e992e55fd8
+ github.com/hashicorp/nodeenrollment v0.0.0-20220603214204-cead023172f3
 )
 require (
diff --git a/go.sum b/go.sum
index 3b74234e01..9e8efeefad 100644
--- a/go.sum
+++ b/go.sum
@@ -740,8 +740,8 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/nodeenrollment v0.0.0-20220603150451-f3e992e55fd8 h1:stSjcYW8rtmRUtmoN/Kw7d+ciZULbeSxtBjdl6jz1Vk=
-github.com/hashicorp/nodeenrollment v0.0.0-20220603150451-f3e992e55fd8/go.mod h1:8l3RSuZJAibZKnqX6tvLaeoFzPhDf4oCRVsyFjU5Soc=
+github.com/hashicorp/nodeenrollment v0.0.0-20220603214204-cead023172f3 h1:yGCgHpFf6g4VQKxP45r2vxQZXjequvcpm1x5XKg0oaU=
+github.com/hashicorp/nodeenrollment v0.0.0-20220603214204-cead023172f3/go.mod h1:8l3RSuZJAibZKnqX6tvLaeoFzPhDf4oCRVsyFjU5Soc=
 github.com/hashicorp/vault/api v1.3.1 h1:pkDkcgTh47PRjY1NEFeofqR4W/HkNUi9qIakESO2aRM=
 github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw=
 github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
diff --git a/internal/cmd/commands/dev/dev.go b/internal/cmd/commands/dev/dev.go
index eccea78dd4..70055bd7de 100644
--- a/internal/cmd/commands/dev/dev.go
+++ b/internal/cmd/commands/dev/dev.go
@@ -29,6 +29,7 @@ import (
 "github.com/hashicorp/boundary/internal/types/scope"
 "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/go-secure-stdlib/strutil"
+ nodeefile "github.com/hashicorp/nodeenrollment/storage/file"
 "github.com/mitchellh/cli"
 "github.com/posener/complete"
 "go.uber.org/atomic"
@@ -691,15 +692,15 @@ func (c *Command) Run(args []string) int {
 }
 if !c.flagUseEphemeralKmsWorkerAuthMethod {
- req := c.worker.NodeeRegistrationRequest
+ req := c.worker.WorkerAuthRegistrationRequest
 if req == "" {
- c.UI.Error("No worker registration request found at worker start time")
+ c.UI.Error("No worker auth registration request found at worker start time")
 return base.CommandCliError
 }
- c.InfoKeys = append(c.InfoKeys, "worker registration request")
- c.Info["worker registration request"] = req
- c.InfoKeys = append(c.InfoKeys, "worker current key id")
- c.Info["worker current key id"] = c.worker.NodeeCurrentKeyId
+ c.InfoKeys = append(c.InfoKeys, "worker auth registration request")
+ c.Info["worker auth registration request"] = req
+ c.InfoKeys = append(c.InfoKeys, "worker auth current key id")
+ c.Info["worker auth current key id"] = c.worker.WorkerAuthCurrentKeyId
 go func() {
 for {
 select {
@@ -772,7 +773,9 @@ func (c *Command) Run(args []string) int {
 if !c.flagControllerOnly {
 if !c.flagWorkerAuthStorageSkipCleanup {
- c.worker.NodeeFileStorage.Cleanup()
+ if fileStorage, ok := c.worker.WorkerAuthStorage.(*nodeefile.FileStorage); ok {
+ fileStorage.Cleanup()
+ }
 }
 if err := c.worker.Shutdown(); err != nil {
 c.UI.Error(fmt.Errorf("Error shutting down worker: %w", err).Error())
diff --git a/internal/cmd/commands/server/server.go b/internal/cmd/commands/server/server.go
index ca17036f44..a62cb8e9e1 100644
--- a/internal/cmd/commands/server/server.go
+++ b/internal/cmd/commands/server/server.go
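Review bot: The type assertion in the cleanup hunk turns a skipped cleanup into a silent no-op: when `c.worker.WorkerAuthStorage` is any `nodeenrollment.Storage` other than `*nodeefile.FileStorage`, the `ok == false` case does nothing even though the operator did not pass the skip-cleanup flag. That storage is where the node credentials created in `Start` are kept, so leaving it behind without notice deserves at least a message; consider `} else { c.UI.Warn("worker auth storage is not file-based; skipping cleanup") }`. Today `New` in worker.go only ever assigns a `*nodeefile.FileStorage`, so the branch is unreachable for now, which argues for the message rather than against it. `Run` begins and ends outside the hunk.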
@@ -464,7 +464,7 @@ func (c *Command) Run(args []string) int {
 return base.CommandCliError
 }
 if c.WorkerAuthKms == nil {
- req := c.worker.NodeeRegistrationRequest
+ req := c.worker.WorkerAuthRegistrationRequest
 if req == "" {
 retErr := fmt.Errorf("No worker registration request found at worker startup time")
 if err := c.worker.Shutdown(); err != nil {
@@ -477,10 +477,10 @@ func (c *Command) Run(args []string) int {
 }
 return base.CommandCliError
 }
- c.InfoKeys = append(c.InfoKeys, "worker registration request")
- c.Info["worker registration request"] = req
- c.InfoKeys = append(c.InfoKeys, "worker current key id")
- c.Info["worker current key id"] = c.worker.NodeeCurrentKeyId
+ c.InfoKeys = append(c.InfoKeys, "worker auth registration request")
+ c.Info["worker auth registration request"] = req
+ c.InfoKeys = append(c.InfoKeys, "worker auth current key id")
+ c.Info["worker auth current key id"] = c.worker.WorkerAuthCurrentKeyId
 }
 }
diff --git a/internal/daemon/worker/controller_connection.go b/internal/daemon/worker/controller_connection.go
index 66b5fce6b6..bd87c44573 100644
--- a/internal/daemon/worker/controller_connection.go
+++ b/internal/daemon/worker/controller_connection.go
@@ -74,7 +74,7 @@ func (w *Worker) controllerDialerFunc() func(context.Context, string) (net.Conn,
 case w.conf.WorkerAuthKms != nil:
 conn, err = w.v1KmsAuthDialFn(ctx, addr)
 default:
- conn, err = protocol.Dial(ctx, w.NodeeFileStorage, addr, nodeenrollment.WithWrapper(w.conf.WorkerAuthStorageKms))
+ conn, err = protocol.Dial(ctx, w.WorkerAuthStorage, addr, nodeenrollment.WithWrapper(w.conf.WorkerAuthStorageKms))
 }
 if !w.everAuthenticated.Load() && err == nil && conn != nil {
diff --git a/internal/daemon/worker/listeners.go b/internal/daemon/worker/listeners.go
index ed98ac8431..1aac3dfba0 100644
--- a/internal/daemon/worker/listeners.go
+++ b/internal/daemon/worker/listeners.go
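Review bot: The context line `retErr := fmt.Errorf("No worker registration request found at worker startup time")` in the first server.go hunk still names the old concept, while this commit renames the info keys a few lines below to "worker auth registration request" and changes the equivalent message in dev.go to "No worker auth registration request found at worker start time". Suggest `retErr := fmt.Errorf("No worker auth registration request found at worker startup time")` so both commands report the same condition in the same words; since the string has no verbs, `errors.New` would also do. `Run` begins and ends outside the hunk.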
@@ -123,7 +123,7 @@ func (w *Worker) configureForWorker(ln *base.ServerListener, logger *log.Logger)
 interceptingListener, err := protocol.NewInterceptingListener(
 &protocol.InterceptingListenerConfiguration{
 Context: w.baseContext,
- Storage: w.NodeeFileStorage,
+ Storage: w.WorkerAuthStorage,
 BaseListener: ln.ProxyListener,
 BaseTlsConfiguration: &tls.Config{
 GetConfigForClient: w.getSessionTls,
@@ -135,14 +135,14 @@ func (w *Worker) configureForWorker(ln *base.ServerListener, logger *log.Logger)
 return nil, fmt.Errorf("error instantiating node auth listener: %w", err)
 }
- w.nodeeSplitListener = splitlistener.New(interceptingListener)
+ w.workerAuthSplitListener = splitlistener.New(interceptingListener)
 downstreamServer := grpc.NewServer(
 grpc.MaxRecvMsgSize(math.MaxInt32),
 grpc.MaxSendMsgSize(math.MaxInt32),
 )
 multihopService, err := handlers.NewMultihopServiceServer(
- w.NodeeFileStorage,
+ w.WorkerAuthStorage,
 false,
 w.controllerMultihopConn,
 )
@@ -157,9 +157,9 @@ func (w *Worker) configureForWorker(ln *base.ServerListener, logger *log.Logger)
 ln.GrpcServer = downstreamServer
 return func() {
- go w.nodeeSplitListener.Start()
- go httpServer.Serve(w.nodeeSplitListener.OtherListener())
- go ln.GrpcServer.Serve(w.nodeeSplitListener.NodeEnrollmentListener())
+ go w.workerAuthSplitListener.Start()
+ go httpServer.Serve(w.workerAuthSplitListener.OtherListener())
+ go ln.GrpcServer.Serve(w.workerAuthSplitListener.NodeEnrollmentListener())
 }, nil
 }
@@ -172,21 +172,21 @@ func (w *Worker) stopServersAndListeners() error {
 // really likes to hang on closing. Maybe because it's never served a
 // connection? This is a workaround to force it until I can dig in.
 var cancel context.CancelFunc
- if w.nodeeSplitListener != nil {
+ if w.workerAuthSplitListener != nil {
 var ctx context.Context
 ctx, cancel = context.WithTimeout(w.baseContext, 2*time.Second)
 go func() {
 <-ctx.Done()
- w.nodeeSplitListener.Stop()
+ w.workerAuthSplitListener.Stop()
 cancel()
 }()
 }
 stopErrors := mg.Wait()
- if w.nodeeSplitListener != nil {
+ if w.workerAuthSplitListener != nil {
 cancel()
- err := w.nodeeSplitListener.Stop()
+ err := w.workerAuthSplitListener.Stop()
 if err != nil {
 stopErrors = multierror.Append(stopErrors, err)
 }
@@ -237,8 +237,8 @@ func (w *Worker) stopAnyListeners() error {
 }
 var closeErrors *multierror.Error
 var err error
- if w.nodeeSplitListener != nil {
- err = w.nodeeSplitListener.Stop()
+ if w.workerAuthSplitListener != nil {
+ err = w.workerAuthSplitListener.Stop()
 } else if w.proxyListener.ProxyListener != nil {
 err = w.proxyListener.ProxyListener.Close()
 }
diff --git a/internal/daemon/worker/worker.go b/internal/daemon/worker/worker.go
index b4d5d417ce..a8cee07269 100644
--- a/internal/daemon/worker/worker.go
+++ b/internal/daemon/worker/worker.go
@@ -74,11 +74,11 @@ type Worker struct {
 // SIGHUP.
 updateTags *ua.Bool
- // PoC: Testing bits for BYOW
- NodeeFileStorage *nodeefile.FileStorage
- NodeeCurrentKeyId string
- NodeeRegistrationRequest string
- nodeeSplitListener *splitlistener.SplitListener
+ // The storage for node enrollment
+ WorkerAuthStorage nodeenrollment.Storage
+ WorkerAuthCurrentKeyId string
+ WorkerAuthRegistrationRequest string
+ workerAuthSplitListener *splitlistener.SplitListener
 // Test-specific options
 TestOverrideX509VerifyDnsName string
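Review bot: The new comment `// The storage for node enrollment` in the Worker struct hunk reads as a comment on `WorkerAuthStorage` alone, leaving the two other exported fields undocumented even though the dev and server commands read them for their info output. Suggest one comment per field: `// WorkerAuthStorage is the nodeenrollment.Storage holding this worker's node credentials.`, `// WorkerAuthCurrentKeyId is the key id derived from the current node credentials' certificate public key.` and `// WorkerAuthRegistrationRequest is the base58-encoded fetch-credentials request surfaced in the CLI info output.` Both string fields are only populated in Start (see the worker.go hunks that follow), so noting that they are empty until Start has run would also help callers. The Worker struct continues outside the hunk.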
@@ -161,7 +161,7 @@ func New(conf *Config) (*Worker, error) {
 return nil, fmt.Errorf("exactly one proxy listener is required")
 }
- w.NodeeFileStorage, err = nodeefile.NewFileStorage(w.baseContext,
+ w.WorkerAuthStorage, err = nodeefile.New(w.baseContext,
 nodeefile.WithBaseDirectory(w.conf.RawConfig.Worker.AuthStoragePath))
 if err != nil {
 return nil, err
@@ -188,7 +188,7 @@ func (w *Worker) Start() error {
 return fmt.Errorf("error starting worker listeners: %w", err)
 }
- nodeCreds, err := types.NewNodeCredentials(w.baseContext, w.NodeeFileStorage, nodeenrollment.WithWrapper(w.conf.WorkerAuthStorageKms))
+ nodeCreds, err := types.NewNodeCredentials(w.baseContext, w.WorkerAuthStorage, nodeenrollment.WithWrapper(w.conf.WorkerAuthStorageKms))
 if err != nil {
 return fmt.Errorf("error generating new node creds: %w", err)
 }
@@ -201,11 +201,11 @@ func (w *Worker) Start() error {
 if err != nil {
 return fmt.Errorf("error marshaling fetch credentials request: %w", err)
 }
- w.NodeeRegistrationRequest = base58.FastBase58Encoding(reqBytes)
+ w.WorkerAuthRegistrationRequest = base58.FastBase58Encoding(reqBytes)
 if err != nil {
 return fmt.Errorf("error encoding registration request: %w", err)
 }
- w.NodeeCurrentKeyId, err = nodeenrollment.KeyIdFromPkix(nodeCreds.CertificatePublicKeyPkix)
+ w.WorkerAuthCurrentKeyId, err = nodeenrollment.KeyIdFromPkix(nodeCreds.CertificatePublicKeyPkix)
 if err != nil {
 return fmt.Errorf("error deriving key id: %w", err)
 }
diff --git a/internal/servers/repository_workerauth_test.go b/internal/servers/repository_workerauth_test.go
index f6d54a4be0..061acbcd1c 100644
--- a/internal/servers/repository_workerauth_test.go
+++ b/internal/servers/repository_workerauth_test.go
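Review bot: The `if err != nil { return fmt.Errorf("error encoding registration request: %w", err) }` that follows the renamed `w.WorkerAuthRegistrationRequest = base58.FastBase58Encoding(reqBytes)` line in the last hunk is dead: the assignment is single-valued, so `err` still holds the nil value tested three lines earlier and the "error encoding registration request" path can never be taken; drop the block so a reader does not assume the encoding is checked. Separately, the `New` hunk returns the `nodeefile.New` failure as a bare `return nil, err` while every other error in these hunks is wrapped; `return nil, fmt.Errorf("error creating worker auth storage: %w", err)` would keep the style consistent. Both `New` and `Start` continue outside the hunks.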
@@ -158,7 +158,7 @@ func TestStoreWorkerAuth(t *testing.T) {
 require.NoError(err)
 // This happens on the worker
- fileStorage, err := file.NewFileStorage(ctx)
+ fileStorage, err := file.New(ctx)
 require.NoError(err)
 nodeCreds, err := types.NewNodeCredentials(ctx, fileStorage)
 require.NoError(err)
@@ -270,7 +270,7 @@ func TestStoreNodeInformationTx(t *testing.T) {
 testNodeInfoFn := func() *types.NodeInformation {
 // This happens on the worker
- fileStorage, err := file.NewFileStorage(testCtx)
+ fileStorage, err := file.New(testCtx)
 require.NoError(t, err)
 nodeCreds, err := types.NewNodeCredentials(testCtx, fileStorage)
 require.NoError(t, err)