diff --git a/handler/api/repos/encrypt/encrypt.go b/handler/api/repos/encrypt/encrypt.go
index 9c95e990..3ad156a7 100644
--- a/handler/api/repos/encrypt/encrypt.go
+++ b/handler/api/repos/encrypt/encrypt.go
@@ -71,7 +71,7 @@ func Handler(repos core.RepositoryStore) http.HandlerFunc {
 }
 
 func encrypt(plaintext, key []byte) (ciphertext []byte, err error) {
-	block, err := aes.NewCipher(key[:])
+	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
 	}
diff --git a/handler/web/login.go b/handler/web/login.go
index 08ee23e6..6b2e660d 100644
--- a/handler/web/login.go
+++ b/handler/web/login.go
@@ -179,7 +179,7 @@ func HandleLogin(
 		logger.Debugf("authentication successful")
 
 		session.Create(w, user)
-		http.Redirect(w, r, redirect, 303)
+		http.Redirect(w, r, redirect, http.StatusSeeOther)
 	}
 }
 
@@ -199,7 +199,7 @@ func synchronize(ctx context.Context, syncer core.Syncer, user *core.User) {
 }
 
 func writeLoginError(w http.ResponseWriter, r *http.Request, err error) {
-	http.Redirect(w, r, "/login/error?message="+err.Error(), 303)
+	http.Redirect(w, r, "/login/error?message="+err.Error(), http.StatusSeeOther)
 }
 
 func writeLoginErrorStr(w http.ResponseWriter, r *http.Request, s string) {
diff --git a/metric/handler.go b/metric/handler.go
index 724e3b42..6f186aa1 100644
--- a/metric/handler.go
+++ b/metric/handler.go
@@ -44,9 +44,9 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	user, _ := s.session.Get(r)
 	switch {
 	case !s.anonymous && user == nil:
-		http.Error(w, errInvalidToken.Error(), 401)
+		http.Error(w, errInvalidToken.Error(), http.StatusUnauthorized)
 	case !s.anonymous && !user.Admin && !user.Machine:
-		http.Error(w, errAccessDenied.Error(), 403)
+		http.Error(w, errAccessDenied.Error(), http.StatusForbidden)
 	default:
 		s.metrics.ServeHTTP(w, r)
 	}
diff --git a/plugin/registry/encrypted.go b/plugin/registry/encrypted.go
index e35d1be2..f7a76a93 100644
--- a/plugin/registry/encrypted.go
+++ b/plugin/registry/encrypted.go
@@ -99,7 +99,7 @@ func getEncrypted(manifest *yaml.Manifest, match string) (data string, ok bool)
 }
 
 func decrypt(ciphertext []byte, key []byte) (plaintext []byte, err error) {
-	block, err := aes.NewCipher(key[:])
+	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
 	}
diff --git a/plugin/secret/encrypted.go b/plugin/secret/encrypted.go
index 5270fa36..fb65feae 100644
--- a/plugin/secret/encrypted.go
+++ b/plugin/secret/encrypted.go
@@ -97,7 +97,7 @@ func getEncrypted(manifest *yaml.Manifest, match string) (data string, ok bool)
 }
 
 func decrypt(ciphertext []byte, key []byte) (plaintext []byte, err error) {
-	block, err := aes.NewCipher(key[:])
+	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
 	}
diff --git a/server/server.go b/server/server.go
index 4c123241..93db19d8 100644
--- a/server/server.go
+++ b/server/server.go
@@ -67,9 +67,7 @@ func (s Server) listenAndServe(ctx context.Context) error {
 
 		return s1.Shutdown(ctxShutdown)
 	})
-	g.Go(func() error {
-		return s1.ListenAndServe()
-	})
+	g.Go(s1.ListenAndServe)
 	return g.Wait()
 }
 
@@ -83,9 +81,7 @@ func (s Server) listenAndServeTLS(ctx context.Context) error {
 		Addr:    ":https",
 		Handler: s.Handler,
 	}
-	g.Go(func() error {
-		return s1.ListenAndServe()
-	})
+	g.Go(s1.ListenAndServe)
 	g.Go(func() error {
 		return s2.ListenAndServeTLS(
 			s.Cert,
@@ -134,9 +130,7 @@ func (s Server) listenAndServeAcme(ctx context.Context) error {
 			MinVersion:     tls.VersionTLS12,
 		},
 	}
-	g.Go(func() error {
-		return s1.ListenAndServe()
-	})
+	g.Go(s1.ListenAndServe)
 	g.Go(func() error {
 		return s2.ListenAndServeTLS("", "")
 	})