diff --git a/src/lib_signer_backends/encrypted.ml b/src/lib_signer_backends/encrypted.ml
index ba1c47aa3..b70a637b5 100644
--- a/src/lib_signer_backends/encrypted.ml
+++ b/src/lib_signer_backends/encrypted.ml
@@ -192,6 +192,17 @@ let decrypt_all (cctxt : #Client_context.io_wallet) =
       return_unit
   end sks
 
+let decrypt_list (cctxt : #Client_context.io_wallet) keys =
+  Secret_key.load cctxt >>=? fun sks ->
+  iter_s begin fun (name, sk_uri) ->
+    if Uri.scheme (sk_uri : sk_uri :> Uri.t) = Some scheme &&
+       (keys = [] || List.mem name keys) then
+      decrypt cctxt ~name sk_uri >>=? fun _ ->
+      return_unit
+    else
+      return_unit
+  end sks
+
 let rec read_passphrase (cctxt : #Client_context.io) =
   cctxt#prompt_password
     "Enter passphrase to encrypt your key: " >>=? fun password ->
diff --git a/src/lib_signer_backends/encrypted.mli b/src/lib_signer_backends/encrypted.mli
index a91f89818..09096e718 100644
--- a/src/lib_signer_backends/encrypted.mli
+++ b/src/lib_signer_backends/encrypted.mli
@@ -33,6 +33,9 @@ val decrypt:
 val decrypt_all:
   #Client_context.io_wallet -> unit tzresult Lwt.t
 
+val decrypt_list:
+  #Client_context.io_wallet -> string list -> unit tzresult Lwt.t
+
 val encrypt:
   #Client_context.io ->
   Signature.secret_key -> Client_keys.sk_uri tzresult Lwt.t
diff --git a/src/proto_alpha/lib_delegate/delegate_commands.ml b/src/proto_alpha/lib_delegate/delegate_commands.ml
index 82f0c87fb..2cd95c965 100644
--- a/src/proto_alpha/lib_delegate/delegate_commands.ml
+++ b/src/proto_alpha/lib_delegate/delegate_commands.ml
@@ -86,6 +86,8 @@ let baker_commands () =
          directory_parameter
        @@ seq_of_param Client_keys.Public_key_hash.alias_param)
       (fun (max_priority, threshold) node_path delegates cctxt ->
+         Tezos_signer_backends.Encrypted.decrypt_list
+           cctxt (List.map fst delegates) >>=? fun () ->
          Client_daemon.Baker.run cctxt
            ?threshold
            ?max_priority
@@ -107,6 +109,8 @@ let endorser_commands () =
       (prefixes [ "run" ]
        @@ seq_of_param Client_keys.Public_key_hash.alias_param)
       (fun endorsement_delay delegates cctxt ->
+         Tezos_signer_backends.Encrypted.decrypt_list
+           cctxt (List.map fst delegates) >>=? fun () ->
          Client_daemon.Endorser.run cctxt
            ~delay:endorsement_delay
            ~min_date:((Time.add (Time.now ()) (Int64.neg 1800L)))