diff --git a/endpoints/keyserver/__init__.py b/endpoints/keyserver/__init__.py
index 6588fd78b..13248fcc7 100644
--- a/endpoints/keyserver/__init__.py
+++ b/endpoints/keyserver/__init__.py
@@ -58,15 +58,15 @@ def _lookup_service_key(service, signer_kid, approved_only=True):
     abort(403)
 
 
+def jwk_with_kid(key):
+  jwk = key.jwk.copy()
+  jwk.update({'kid': key.kid})
+  return jwk
+
+
 @key_server.route('/services/<service>/keys', methods=['GET'])
 def list_service_keys(service):
   keys = model.list_service_keys(service)
-
-  def jwk_with_kid(key):
-    jwk = key.jwk
-    jwk.update({'kid': key.kid})
-    return jwk
-
   return jsonify({'keys': [jwk_with_kid(key) for key in keys]})
 
 
diff --git a/test/test_endpoints.py b/test/test_endpoints.py
index 2bfb8354e..b29db6af5 100644
--- a/test/test_endpoints.py
+++ b/test/test_endpoints.py
@@ -21,6 +21,7 @@ from data.database import ServiceKeyApprovalType
 from endpoints import keyserver
 from endpoints.api import api, api_bp
 from endpoints.api.user import Signin
+from endpoints.keyserver import jwk_with_kid
 from endpoints.web import web as web_bp
 from initdb import setup_database_for_testing, finished_database_for_testing
 from test.helpers import assert_action_logged
@@ -364,7 +365,7 @@ class KeyServerTestCase(EndpointTestCase):
   def test_list_service_keys(self):
     # Retrieve all the keys.
     all_keys = model.service_keys.list_all_keys()
-    visible_jwks = [key.jwk for key in model.service_keys.list_service_keys('sample_service')]
+    visible_jwks = [jwk_with_kid(key) for key in model.service_keys.list_service_keys('sample_service')]
 
     invisible_jwks = []
     for key in all_keys: