diff --git a/api.go b/api.go
index d3d598a..2f76dce 100644
--- a/api.go
+++ b/api.go
@@ -22,7 +22,7 @@ type apiResponse struct {
 	Error     string     `json:"error,omitempty"`
 	ExpiresAt *time.Time `json:"expires_at,omitempty"`
 	Secret    string     `json:"secret,omitempty"`
-	SecretId  string     `json:"secret_id,omitempty"`
+	SecretID  string     `json:"secret_id,omitempty"`
 }
 
 type apiRequest struct {
@@ -83,7 +83,7 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
 	a.jsonResponse(res, http.StatusCreated, apiResponse{
 		ExpiresAt: expiresAt,
 		Success:   true,
-		SecretId:  id,
+		SecretID:  id,
 	})
 }
 
@@ -124,10 +124,13 @@ func (a apiServer) errorResponse(res http.ResponseWriter, status int, err error,
 	})
 }
 
-func (a apiServer) jsonResponse(res http.ResponseWriter, status int, response apiResponse) {
+func (apiServer) jsonResponse(res http.ResponseWriter, status int, response apiResponse) {
 	res.Header().Set("Content-Type", "application/json")
 	res.Header().Set("Cache-Control", "no-store, max-age=0")
 	res.WriteHeader(status)
 
-	json.NewEncoder(res).Encode(response)
+	if err := json.NewEncoder(res).Encode(response); err != nil {
+		logrus.WithError(err).Error("encoding JSON response")
+		http.Error(res, `{"error":"could not encode response"}`, http.StatusInternalServerError)
+	}
 }
diff --git a/customize.go b/customize.go
index bf808c5..1a6f50a 100644
--- a/customize.go
+++ b/customize.go
@@ -38,7 +38,7 @@ func loadCustomize(filename string) (cust customize, err error) {
 		return cust, nil
 	}
 
-	cf, err := os.Open(filename)
+	cf, err := os.Open(filename) //#nosec:G304 // Loading a custom file is the intention here
 	if err != nil {
 		if errors.Is(err, fs.ErrNotExist) {
 			logrus.Warn("customize file given but not found")
@@ -46,7 +46,11 @@ func loadCustomize(filename string) (cust customize, err error) {
 		}
 		return cust, errors.Wrap(err, "opening customize file")
 	}
-	defer cf.Close()
+	defer func() {
+		if err := cf.Close(); err != nil {
+			logrus.WithError(err).Error("closing customize file (leaked fd)")
+		}
+	}()
 
 	if err = yaml.NewDecoder(cf).Decode(&cust); err != nil {
 		return cust, errors.Wrap(err, "decoding customize file")
diff --git a/main.go b/main.go
index 7e2b931..6ffc081 100644
--- a/main.go
+++ b/main.go
@@ -155,10 +155,12 @@ func assetDelivery(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", mime.TypeByExtension(ext))
 	w.Header().Set("X-Content-Type-Options", "nosniff")
-	w.Write(assetData)
+	if _, err = w.Write(assetData); err != nil {
+		logrus.WithError(err).Error("writing asset data")
+	}
 }
 
-func handleIndex(w http.ResponseWriter, r *http.Request) {
+func handleIndex(w http.ResponseWriter, _ *http.Request) {
 	inlineContentNonce := make([]byte, scriptNonceSize)
 	if _, err := rand.Read(inlineContentNonce); err != nil {
 		logrus.WithError(err).Error("generating script nonce")
diff --git a/storage.go b/storage.go
index 0f70d5f..f8ccdfa 100644
--- a/storage.go
+++ b/storage.go
@@ -6,7 +6,7 @@ import (
 	"time"
 )
 
-var errSecretNotFound = errors.New("Secret not found")
+var errSecretNotFound = errors.New("secret not found")
 
 type storage interface {
 	Create(secret string, expireIn time.Duration) (string, error)
@@ -20,6 +20,6 @@ func getStorageByType(t string) (storage, error) {
 	case "redis":
 		return newStorageRedis()
 	default:
-		return nil, fmt.Errorf("Storage type %q not found", t)
+		return nil, fmt.Errorf("storage type %q not found", t)
 	}
 }
diff --git a/storage_redis.go b/storage_redis.go
index fe841d6..f9dc056 100644
--- a/storage_redis.go
+++ b/storage_redis.go
@@ -53,14 +53,14 @@ func (s storageRedis) ReadAndDestroy(id string) (string, error) {
 		if errors.Is(err, redis.Nil) {
 			return "", errSecretNotFound
 		}
-		return "", err
+		return "", errors.Wrap(err, "getting key")
 	}
 
 	err = s.conn.Del(context.Background(), s.redisKey(id)).Err()
-	return string(secret), errors.Wrap(err, "deleting key")
+	return secret, errors.Wrap(err, "deleting key")
 }
 
-func (s storageRedis) redisKey(id string) string {
+func (storageRedis) redisKey(id string) string {
 	prefix := redisDefaultPrefix
 	if prfx := os.Getenv("REDIS_KEY"); prfx != "" {
 		prefix = prfx
diff --git a/tplFuncs.go b/tplFuncs.go
index d82e63e..24fc0bc 100644
--- a/tplFuncs.go
+++ b/tplFuncs.go
@@ -30,7 +30,7 @@ func assetSRIHash(assetName string) string {
 	}
 
 	h := sha512.New384()
-	h.Write(data)
+	_, _ = h.Write(data)
 	sum := h.Sum(nil)
 
 	sri := "sha384-" + base64.StdEncoding.EncodeToString(sum)