diff --git a/internal/api/middleware.go b/internal/api/middleware.go
index 22f09b9b..1c758817 100644
--- a/internal/api/middleware.go
+++ b/internal/api/middleware.go
@@ -37,13 +37,12 @@ func (s *Server) AuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
 // VaultAuthMiddleware verifies JWT tokens and ensures users can only access their own vaults.
 func (s *Server) VaultAuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
 return func(c echo.Context) error {
- if s.cfg.Auth.Enabled != nil && !*s.cfg.Auth.Enabled {
- s.logger.Info("Auth is disabled, skipping token validation")
- return next(c)
- }
-
 authHeader := c.Request().Header.Get(echo.HeaderAuthorization)
 if authHeader == "" {
+ if s.cfg.Auth.Enabled != nil && !*s.cfg.Auth.Enabled {
+ s.logger.Info("Auth is disabled and no token provided")
+ return next(c)
+ }
 return c.JSON(http.StatusUnauthorized, NewErrorResponseWithMessage(msgMissingAuthHeader))
 }
diff --git a/internal/api/policy.go b/internal/api/policy.go
index df20d99b..afba7068 100644
--- a/internal/api/policy.go
+++ b/internal/api/policy.go
@@ -68,7 +68,7 @@ func (s *Server) CreatePluginPolicy(c echo.Context) error {
 s.logger.WithError(err).Error("Failed to parse request")
 return c.JSON(http.StatusBadRequest, NewErrorResponseWithMessage(msgRequestParseFailed))
 }
- if policy.ID.String() == "" {
+ if policy.ID == uuid.Nil {
 policy.ID = uuid.New()
 }
 publicKey, ok := c.Get("vault_public_key").(string)
diff --git a/plugin/tasks/tasks.go b/plugin/tasks/tasks.go
index 730c5359..7c23308f 100644
--- a/plugin/tasks/tasks.go
+++ b/plugin/tasks/tasks.go
@@ -2,11 +2,21 @@ package tasks
 import (
 "fmt"
+ "os"
 "github.com/hibiken/asynq"
 )
-const QUEUE_NAME = "default_queue"
+const defaultQueueName = "default_queue"
+
+var QUEUE_NAME = getQueueName()
+
+func getQueueName() string {
+ if name := os.Getenv("TASK_QUEUE_NAME"); name != "" {
+ return name
+ }
+ return defaultQueueName
+}
 const (
 TypeRecurringFeeRecord = "fee:recurringRecord"
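Review bot: In internal/api/middleware.go, when `Auth.Enabled` is false a request with no Authorization header now reaches `next(c)` without any vault identity in the context, yet the doc comment still promises that users can only access their own vaults. Handlers behind this middleware therefore have to reject a missing identity themselves (CreatePluginPolicy in policy.go reads `vault_public_key` from the context); whether they all do is not visible here. I would state the bypass in the doc comment, e.g. `// When cfg.Auth.Enabled is false, requests without an Authorization header are passed through unauthenticated.`, and log it with `s.logger.Warn(...)` instead of Info so a deployment running with auth disabled stands out in the logs. The rest of VaultAuthMiddleware, presumably including the token validation, lies outside the hunk.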
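Review bot: In CreatePluginPolicy (internal/api/policy.go) a non-nil `policy.ID` taken from the request body is kept as is, so the client chooses the identifier of the policy it creates. The `uuid.Nil` comparison is the right test, but unless the storage layer rejects an ID that already exists for a different vault, which this hunk does not show, a create request could collide with a policy owned by someone else. Assigning the ID on the server unconditionally with `policy.ID = uuid.New()` removes the question; if client-chosen IDs are required, a comment saying where uniqueness and ownership are enforced would help. The function continues past the hunk.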
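Review bot: `QUEUE_NAME` in plugin/tasks/tasks.go changes from a constant to an exported package variable initialised from `TASK_QUEUE_NAME`, and nothing documents that enqueuers and workers must run with the same value. A mismatch leaves tasks on a queue no worker reads, or hands them to a worker that was not meant to process them, and any importing package can now reassign the variable after start-up. I would add `// QUEUE_NAME is the asynq queue shared by enqueuers and workers; it is read once from TASK_QUEUE_NAME at package init and must not be reassigned.` above it, plus a one-line comment on `getQueueName` naming the fallback to `default_queue`.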
diff --git a/vault/service.go b/vault/service.go
index 76c6c6ea..b7075ab2 100644
--- a/vault/service.go
+++ b/vault/service.go
@@ -209,10 +209,11 @@ func (s *ManagementService) HandleReshareDKLS(ctx context.Context, t *asynq.Task
 }
 s.logger.WithFields(logrus.Fields{
- "name": req.Name,
- "session": req.SessionID,
- "local_party_id": req.LocalPartyId,
- "email": req.Email,
+ "name": req.Name,
+ "session": req.SessionID,
+ "request_party_id": req.LocalPartyId,
+ "local_party_prefix": s.cfg.LocalPartyPrefix,
+ "email": req.Email,
 }).Info("reshare request")
 if err := req.IsValid(); err != nil {
 return fmt.Errorf("invalid reshare request: %s: %w", err, asynq.SkipRetry)
@@ -223,12 +224,15 @@ func (s *ManagementService) HandleReshareDKLS(ctx context.Context, t *asynq.Task
 vaultFileName := vcommon.GetVaultBackupFilename(req.PublicKey, req.PluginID)
 vaultContent, err := s.vaultStorage.GetVault(vaultFileName)
 if err != nil || vaultContent == nil {
+ // Generate local party ID using the configured prefix, NOT the one from the request
+ // Each plugin/service should have its own party ID based on its LocalPartyPrefix config
+ localPartyID := s.cfg.LocalPartyPrefix + "-" + req.SessionID[:8]
 vault = &vaultType.Vault{
 Name: req.Name,
 PublicKeyEcdsa: "",
 PublicKeyEddsa: "",
 HexChainCode: req.HexChainCode,
- LocalPartyId: vcommon.GenerateLocalPartyId(s.cfg.LocalPartyPrefix),
+ LocalPartyId: localPartyID,
 Signers: req.OldParties,
 LibType: keygenType.LibType_LIB_TYPE_DKLS,
 }
diff --git a/worker-config.json b/worker-config.json
new file mode 100644
index 00000000..3c9ed772
--- /dev/null
+++ b/worker-config.json
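Review bot: In the second hunk of vault/service.go, `req.SessionID[:8]` panics when the session ID is shorter than eight bytes, and whether `req.IsValid()` in the hunk above guarantees that length is not visible in this diff. A panic here bypasses the `asynq.SkipRetry` path used for other invalid requests, so a malformed task would likely be retried rather than dropped. A guard before the slice keeps the failure explicit: `if len(req.SessionID) < 8 { return fmt.Errorf("invalid reshare request: session id too short: %w", asynq.SkipRetry) }`. The new comment says the party ID does not come from the request, yet its suffix is now derived from the request's session ID instead of `vcommon.GenerateLocalPartyId`, so the comment should say that the suffix is deterministic per session. HandleReshareDKLS starts and ends outside the hunk.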
@@ -0,0 +1,34 @@
+{
+ "log_format": "text",
+ "vault_service": {
+ "relay": {
+ "server": "https://api.vultisig.com/router"
+ },
+ "local_party_prefix": "verifier",
+ "encryption_secret": "test123",
+ "do_setup_msg": false
+ },
+ "redis": {
+ "host": "localhost",
+ "port": "6379"
+ },
+ "block_storage": {
+ "host": "http://localhost:9000",
+ "region": "us-east-1",
+ "access_key": "minioadmin",
+ "secret": "minioadmin",
+ "bucket": "vultisig-verifier"
+ },
+ "database": {
+ "dsn": "postgres://myuser:mypassword@localhost:5432/vultisig-verifier?sslmode=disable"
+ },
+ "plugin": {},
+ "fees": {
+ "usdc_address": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
+ },
+ "metrics": {
+ "enabled": true,
+ "host": "0.0.0.0",
+ "port": 8089
+ }
+}
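Review bot: worker-config.json is added at the repository root with credentials written into it: `encryption_secret` is `test123`, the block-storage `access_key` and `secret` are both `minioadmin`, and the database DSN embeds a user and password with `sslmode=disable`. These look like local development defaults, but the same file points `relay.server` at a non-local endpoint, and a worker started with it unchanged would presumably protect vault data with a guessable secret. I would commit it as an example file with placeholder values (for instance `"encryption_secret": "<set-via-env>"`), read the real values from the environment or a secret store, and keep the live config out of version control. `metrics.host` set to `0.0.0.0` also exposes the metrics port on every interface; `127.0.0.1` is a safer default unless a scraper needs remote access.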