diff --git a/auth/backend.go b/auth/backend.go
index 230fb65..b0d3b54 100644
--- a/auth/backend.go
+++ b/auth/backend.go
@@ -55,7 +55,7 @@ func (b *NullBackend) Authenticate(username, password string) error {
 	return fmt.Errorf("invalid username/password")
 }
 
-func NewBackend(conf *Config, prom *prometheus.Registry, infoLog, dbgLog *log.Logger) (Backend, error) {
+func NewBackend(conf *Config, prom prometheus.Registerer, infoLog, dbgLog *log.Logger) (Backend, error) {
 	if infoLog == nil {
 		infoLog = log.New(io.Discard, "", 0)
 	}
diff --git a/auth/backend_ldap.go b/auth/backend_ldap.go
index 01178ca..01967be 100644
--- a/auth/backend_ldap.go
+++ b/auth/backend_ldap.go
@@ -60,7 +60,7 @@ type LDAPBackend struct {
 	dbgLog  *log.Logger
 }
 
-func NewLDAPBackend(conf *LDAPConfig, prom *prometheus.Registry, infoLog, dbgLog *log.Logger) (Backend, error) {
+func NewLDAPBackend(conf *LDAPConfig, prom prometheus.Registerer, infoLog, dbgLog *log.Logger) (Backend, error) {
 	if conf.UserSearchBase == "" {
 		conf.UserSearchBase = conf.RootDN
 	}
@@ -88,7 +88,7 @@ func NewLDAPBackend(conf *LDAPConfig, prom *prometheus.Registry, infoLog, dbgLog
 	return b, nil
 }
 
-func (b *LDAPBackend) initPrometheus(prom *prometheus.Registry) error {
+func (b *LDAPBackend) initPrometheus(prom prometheus.Registerer) error {
 	// TODO: implement this!
 	return nil
 }
diff --git a/auth/backend_static.go b/auth/backend_static.go
index 201351f..7398626 100644
--- a/auth/backend_static.go
+++ b/auth/backend_static.go
@@ -50,7 +50,7 @@ type StaticBackend struct {
 	dbgLog   *log.Logger
 }
 
-func NewStaticBackend(conf *StaticConfig, prom *prometheus.Registry, infoLog, dbgLog *log.Logger) (Backend, error) {
+func NewStaticBackend(conf *StaticConfig, prom prometheus.Registerer, infoLog, dbgLog *log.Logger) (Backend, error) {
 	file, err := htpasswd.New(conf.HTPasswd, htpasswd.DefaultSystems, func(err error) {
 		dbgLog.Printf("static: found invalid line: %v", err)
 	})
@@ -88,7 +88,7 @@ func (b *StaticBackend) watchFileEventCB(event fsnotify.Event) {
 	b.dbgLog.Printf("static: htpasswd file successfully reloaded")
 }
 
-func (b *StaticBackend) initPrometheus(prom *prometheus.Registry) error {
+func (b *StaticBackend) initPrometheus(prom prometheus.Registerer) error {
 	// TODO: implement this!
 	return nil
 }
diff --git a/auth/backend_whawty.go b/auth/backend_whawty.go
index 65621f7..da498a3 100644
--- a/auth/backend_whawty.go
+++ b/auth/backend_whawty.go
@@ -70,7 +70,7 @@ type WhawtyAuthBackend struct {
 	dbgLog          *log.Logger
 }
 
-func NewWhawtyAuthBackend(conf *WhawtyAuthConfig, prom *prometheus.Registry, infoLog, dbgLog *log.Logger) (Backend, error) {
+func NewWhawtyAuthBackend(conf *WhawtyAuthConfig, prom prometheus.Registerer, infoLog, dbgLog *log.Logger) (Backend, error) {
 	s, err := store.NewDirFromConfig(conf.ConfigFile)
 	if err != nil {
 		infoLog.Printf("whawty-auth: failed to intialize store: %v", err)
@@ -198,7 +198,7 @@ func (b *WhawtyAuthBackend) watchFileEventCB(event fsnotify.Event) {
 	b.infoLog.Printf("whawty-auth: successfully reloaded from: %s (%d parameter-sets loaded)", event.Name, len(b.store.Params))
 }
 
-func (b *WhawtyAuthBackend) initPrometheus(prom *prometheus.Registry) error {
+func (b *WhawtyAuthBackend) initPrometheus(prom prometheus.Registerer) error {
 	// TODO: implement this!
 	return nil
 }
diff --git a/cookie/backend_bolt.go b/cookie/backend_bolt.go
index 8fc261a..f5b2aca 100644
--- a/cookie/backend_bolt.go
+++ b/cookie/backend_bolt.go
@@ -58,7 +58,7 @@ type BoltBackend struct {
 	db *bolt.DB
 }
 
-func NewBoltBackend(conf *BoltBackendConfig, prom *prometheus.Registry) (*BoltBackend, error) {
+func NewBoltBackend(conf *BoltBackendConfig, prom prometheus.Registerer) (*BoltBackend, error) {
 	db, err := bolt.Open(conf.Path, 0600, &bolt.Options{Timeout: time.Second})
 	if err != nil {
 		if err == bolt.ErrTimeout {
@@ -86,7 +86,7 @@ func NewBoltBackend(conf *BoltBackendConfig, prom *prometheus.Registry) (*BoltBa
 	return b, nil
 }
 
-func (b *BoltBackend) initPrometheus(prom *prometheus.Registry) error {
+func (b *BoltBackend) initPrometheus(prom prometheus.Registerer) error {
 	// TODO: implement this!
 	return nil
 }
diff --git a/cookie/backend_in-memory.go b/cookie/backend_in-memory.go
index daab892..4f8742a 100644
--- a/cookie/backend_in-memory.go
+++ b/cookie/backend_in-memory.go
@@ -54,7 +54,7 @@ type InMemoryBackend struct {
 	revoked  map[ulid.ULID]SessionBase
 }
 
-func NewInMemoryBackend(conf *InMemoryBackendConfig, prom *prometheus.Registry) (*InMemoryBackend, error) {
+func NewInMemoryBackend(conf *InMemoryBackendConfig, prom prometheus.Registerer) (*InMemoryBackend, error) {
 	m := &InMemoryBackend{}
 	m.sessions = make(map[string]InMemorySessionMap)
 	m.revoked = make(map[ulid.ULID]SessionBase)
@@ -66,7 +66,7 @@ func NewInMemoryBackend(conf *InMemoryBackendConfig, prom *prometheus.Registry)
 	return m, nil
 }
 
-func (b *InMemoryBackend) initPrometheus(prom *prometheus.Registry) error {
+func (b *InMemoryBackend) initPrometheus(prom prometheus.Registerer) error {
 	// TODO: implement this!
 	return nil
 }
diff --git a/cookie/store.go b/cookie/store.go
index ae557a2..33fb373 100644
--- a/cookie/store.go
+++ b/cookie/store.go
@@ -172,7 +172,7 @@ type Store struct {
 	dbgLog  *log.Logger
 }
 
-func NewStore(conf *Config, prom *prometheus.Registry, infoLog, dbgLog *log.Logger) (*Store, error) {
+func NewStore(conf *Config, prom prometheus.Registerer, infoLog, dbgLog *log.Logger) (*Store, error) {
 	if infoLog == nil {
 		infoLog = log.New(io.Discard, "", 0)
 	}
@@ -336,7 +336,7 @@ func (st *Store) runSync(interval time.Duration, baseURL *url.URL, host string,
 	}
 }
 
-func (st *Store) initBackend(conf *Config, prom *prometheus.Registry) (err error) {
+func (st *Store) initBackend(conf *Config, prom prometheus.Registerer) (err error) {
 	if conf.Backend.GCInterval <= time.Second {
 		st.infoLog.Printf("cookie-store: overriding invalid/unset GC interval to 5 minutes")
 		conf.Backend.GCInterval = 5 * time.Minute
@@ -386,7 +386,7 @@ func (st *Store) initBackend(conf *Config, prom *prometheus.Registry) (err error
 	return
 }
 
-func (st *Store) initPrometheus(prom *prometheus.Registry) error {
+func (st *Store) initPrometheus(prom prometheus.Registerer) error {
 	// TODO: implement this!
 	return nil
 }
diff --git a/cookie/store_test.go b/cookie/store_test.go
index cf411df..106d796 100644
--- a/cookie/store_test.go
+++ b/cookie/store_test.go
@@ -62,7 +62,7 @@ func TestSessionListEmptyJson(t *testing.T) {
 
 func TestNewStore(t *testing.T) {
 	conf := &Config{}
-	_, err := NewStore(conf, nil, nil)
+	_, err := NewStore(conf, nil, nil, nil)
 	if err == nil {
 		t.Fatal("initializing store from empty config should fail")
 	}
@@ -71,7 +71,7 @@ func TestNewStore(t *testing.T) {
 	conf.Keys = []SignerVerifierConfig{
 		SignerVerifierConfig{Name: "empty"},
 	}
-	_, err = NewStore(conf, nil, nil)
+	_, err = NewStore(conf, nil, nil, nil)
 	if err == nil {
 		t.Fatal("initializing store with bogus keys config should fail")
 	}
@@ -81,7 +81,7 @@ func TestNewStore(t *testing.T) {
 	conf.Keys = []SignerVerifierConfig{
 		SignerVerifierConfig{Name: "test", Ed25519: ed25519Conf},
 	}
-	_, err = NewStore(conf, nil, nil)
+	_, err = NewStore(conf, nil, nil, nil)
 	if err == nil {
 		t.Fatal("initializing store with corrupt keys config entries should fail")
 	}
@@ -90,7 +90,7 @@ func TestNewStore(t *testing.T) {
 	conf.Keys = []SignerVerifierConfig{
 		SignerVerifierConfig{Name: "test", Ed25519: ed25519Conf},
 	}
-	st, err := NewStore(conf, nil, nil)
+	st, err := NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}
@@ -109,7 +109,7 @@ func TestNewStore(t *testing.T) {
 	conf.Keys = []SignerVerifierConfig{
 		SignerVerifierConfig{Name: "test", Ed25519: ed25519Conf},
 	}
-	st, err = NewStore(conf, nil, nil)
+	st, err = NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}
@@ -118,7 +118,7 @@ func TestNewStore(t *testing.T) {
 	}
 
 	conf.Backend = StoreBackendConfig{}
-	_, err = NewStore(conf, nil, nil)
+	_, err = NewStore(conf, nil, nil, nil)
 	if err == nil {
 		t.Fatal("initializing store with empty backend config should fail")
 	}
@@ -135,7 +135,7 @@ func TestMultipleKeys(t *testing.T) {
 		SignerVerifierConfig{Name: "sign-and-verify", Ed25519: ed25519ConfSignAndVerify},
 	}
 	conf.Backend = StoreBackendConfig{InMemory: &InMemoryBackendConfig{}}
-	st, err := NewStore(conf, nil, nil)
+	st, err := NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}
@@ -163,17 +163,17 @@ func TestBackendSync(t *testing.T) {
 	}
 	conf.Backend = StoreBackendConfig{InMemory: &InMemoryBackendConfig{}}
 	conf.Backend.Sync = &StoreSyncConfig{BaseURL: ""}
-	_, err := NewStore(conf, nil, nil)
+	_, err := NewStore(conf, nil, nil, nil)
 	if err == nil {
 		t.Fatal("initializing store with empty sync base-url shoud fail")
 	}
 	conf.Backend.Sync = &StoreSyncConfig{BaseURL: "file:///not/a/http/url"}
-	_, err = NewStore(conf, nil, nil)
+	_, err = NewStore(conf, nil, nil, nil)
 	if err == nil {
 		t.Fatal("initializing store with non-http(s) sync base-url shoud fail")
 	}
 	conf.Backend.Sync = &StoreSyncConfig{BaseURL: "http://192.0.2.1"}
-	_, err = NewStore(conf, nil, nil)
+	_, err = NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}
@@ -185,7 +185,7 @@ func TestNew(t *testing.T) {
 		SignerVerifierConfig{Name: "verify-only", Ed25519: &Ed25519Config{PubKeyData: &testPubKeyEd25519Pem}},
 	}
 	conf.Backend = StoreBackendConfig{InMemory: &InMemoryBackendConfig{}}
-	st, err := NewStore(conf, nil, nil)
+	st, err := NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}
@@ -200,7 +200,7 @@ func TestNew(t *testing.T) {
 	conf.Keys = []SignerVerifierConfig{
 		SignerVerifierConfig{Name: "sign-and-verify", Ed25519: &Ed25519Config{PrivKeyData: &testPrivKeyEd25519Pem}},
 	}
-	st, err = NewStore(conf, nil, nil)
+	st, err = NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}
@@ -245,7 +245,7 @@ func TestVerify(t *testing.T) {
 		SignerVerifierConfig{Name: "sign-and-verify", Ed25519: &Ed25519Config{PrivKeyData: &testPrivKeyEd25519Pem}},
 	}
 	conf.Backend = StoreBackendConfig{InMemory: &InMemoryBackendConfig{}}
-	st, err := NewStore(conf, nil, nil)
+	st, err := NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}
@@ -336,7 +336,7 @@ func TestNewThenVerifyMultipleKeys(t *testing.T) {
 		SignerVerifierConfig{Name: "sign-and-verify", Ed25519: &Ed25519Config{PrivKeyData: &testPrivKeyEd25519Pem}},
 	}
 	conf.Backend = StoreBackendConfig{InMemory: &InMemoryBackendConfig{}}
-	st, err := NewStore(conf, nil, nil)
+	st, err := NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}
@@ -390,7 +390,7 @@ func TestListUser(t *testing.T) {
 		SignerVerifierConfig{Name: "sign-and-verify", Ed25519: &Ed25519Config{PrivKeyData: &testPrivKeyEd25519Pem}},
 	}
 	conf.Backend = StoreBackendConfig{InMemory: &InMemoryBackendConfig{}}
-	st, err := NewStore(conf, nil, nil)
+	st, err := NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}
@@ -509,7 +509,7 @@ func TestListRevoked(t *testing.T) {
 		SignerVerifierConfig{Name: "sign-and-verify", Ed25519: &Ed25519Config{PrivKeyData: &testPrivKeyEd25519Pem}},
 	}
 	conf.Backend = StoreBackendConfig{InMemory: &InMemoryBackendConfig{}}
-	st, err := NewStore(conf, nil, nil)
+	st, err := NewStore(conf, nil, nil, nil)
 	if err != nil {
 		t.Fatal("unexpected error:", err)
 	}