diff --git a/src/commands/identity.rs b/src/commands/identity.rs
index 67e26282f4ffb1e25972bdfbfebaf39c2436fb21..708c9c5cad81bb2367be4ce3279ad0bf3c3adf58 100644
--- a/src/commands/identity.rs
+++ b/src/commands/identity.rs
@@ -64,28 +64,27 @@ pub enum Subcommand {
 	/// Display member count
 	MemberCount,
 	/// Link an account to the identity
-	LinkAccount(AccountLinkParams),
+	LinkAccount(SecretProvider),
 	/// Migrate identity to another account
 	/// Change Owner Key
-	ChangeOwnerKey(AccountLinkParams),
+	ChangeOwnerKey(SecretProvider),
 }
 
 #[derive(clap::Args, Clone, Debug)]
-pub struct AccountLinkParams {
-	/// SS58 Address of vault account to link
+pub struct SecretProvider {
+	/// SS58 Address of target vault account
 	#[clap(short, conflicts_with_all=["vault_name","secret_format", "secret", "crypto_scheme"])]
 	address: Option<AccountId>,
-	/// Name of vault account to link
+	/// Name of target vault account
 	#[clap(short = 'v', conflicts_with_all=["secret_format", "secret", "crypto_scheme"])]
 	vault_name: Option<String>,
-	/// Secret key format of account to link (seed, substrate)
+	/// Secret key format of target account (seed, substrate)
 	#[clap(short = 'S', long)]
 	secret_format: Option<SecretFormat>,
-	/// Secret of account to link
-	/// most likely different from the one owning the identity
+	/// Secret of target account
 	#[clap(short, long)]
 	secret: Option<String>,
-	/// Crypto scheme of account to link (sr25519, ed25519)
+	/// Crypto scheme of target account (sr25519, ed25519)
 	#[clap(short = 'c', long, required = false, default_value = CryptoScheme::Ed25519)]
 	crypto_scheme: CryptoScheme,
 }
@@ -156,87 +155,59 @@ pub async fn handle_command(data: Data, command: Subcommand) -> Result<(), GcliE
 			)
 		}
 		Subcommand::LinkAccount(params) => {
-			async fn perform_link_account(data: Data, keypair: KeyPair) -> Result<(), GcliError> {
-				println!("Trying to make the link");
-				let address = keypair.address();
-				let data = data.fetch_idty_index().await?; // idty index required for payload
-				link_account(&data, address, keypair).await?;
-				Ok(())
-			}
-
-			if let Some(address) = params.address {
-				let key_pair = commands::vault::fetch_vault_keypair_for_address(&data, address).await?;
-				perform_link_account(data, key_pair).await?;
-			} else if let Some(vault_name) = params.vault_name {
-				let account_tree_node =
-					retrieve_account_tree_node_for_name(data.connect_db(), &vault_name).await?;
-				let address = account_tree_node.borrow().account.address.0.clone();
-
-				let key_pair = commands::vault::fetch_vault_keypair_for_address(&data, address).await?;
-				perform_link_account(data, key_pair).await?;
-			} else if let Some(secret_format) = params.secret_format {
-				let keypair = get_keypair(
-					secret_format,
-					params.secret.as_deref(),
-					params.crypto_scheme,
-				)?;
-				println!(
-					"target address:'{}' (using crypto-scheme:{})",
-					keypair.address(),
-					<&'static str>::from(params.crypto_scheme)
-				);
-				perform_link_account(data, keypair).await?;
-			} else {
-				return Err(GcliError::Input(
-					"One of `address`/`vault_name`/`secret_format`(and optional `secret` & `crypto_scheme`) must be provided".to_string(),
-				));
-			}
+			let target_keypair = get_keypair_from_secret_provider(&data, params).await?;
+
+			println!("Trying to make the link");
+			let address = target_keypair.address();
+			let data = data.fetch_idty_index().await?; // idty index required for payload
+			link_account(&data, address, target_keypair).await?;
 		}
 		Subcommand::ChangeOwnerKey(params) => {
-			async fn perform_change_owner_key(
-				data: Data,
-				keypair: KeyPair,
-			) -> Result<(), GcliError> {
-				println!("Trying to change owner key");
-				let address = keypair.address();
-				let data = data.fetch_idty_index().await?; // idty index required for payload
-				change_owner_key(&data, address, keypair).await?;
-				Ok(())
-			}
-
-			if let Some(address) = params.address {
-				let key_pair = commands::vault::fetch_vault_keypair_for_address(&data, address).await?;
-				perform_change_owner_key(data, key_pair).await?;
-			} else if let Some(vault_name) = params.vault_name {
-				let account_tree_node =
-					retrieve_account_tree_node_for_name(data.connect_db(), &vault_name).await?;
-				let address = account_tree_node.borrow().account.address.0.clone();
-
-				let key_pair = commands::vault::fetch_vault_keypair_for_address(&data, address).await?;
-				perform_change_owner_key(data, key_pair).await?;
-			} else if let Some(secret_format) = params.secret_format {
-				let keypair = get_keypair(
-					secret_format,
-					params.secret.as_deref(),
-					params.crypto_scheme,
-				)?;
-				println!(
-					"target address:'{}' (using crypto-scheme:{})",
-					keypair.address(),
-					<&'static str>::from(params.crypto_scheme)
-				);
-				perform_change_owner_key(data, keypair).await?;
-			} else {
-				return Err(GcliError::Input(
-					"One of `address`/`vault_name`/`secret_format`(and optional `secret` & `crypto_scheme`) must be provided".to_string(),
-				));
-			}
+			let target_keypair = get_keypair_from_secret_provider(&data, params).await?;
+
+			println!("Trying to change owner key");
+			let address = target_keypair.address();
+			let data = data.fetch_idty_index().await?; // idty index required for payload
+			change_owner_key(&data, address, target_keypair).await?;
 		}
 	};
 
 	Ok(())
 }
 
+async fn get_keypair_from_secret_provider(
+	data: &Data,
+	secret_provider: SecretProvider,
+) -> Result<KeyPair, GcliError> {
+	let key_pair = if let Some(address) = secret_provider.address {
+		commands::vault::fetch_vault_keypair_for_address(data, address).await?
+	} else if let Some(vault_name) = secret_provider.vault_name {
+		let account_tree_node =
+			retrieve_account_tree_node_for_name(data.connect_db(), &vault_name).await?;
+		let address = account_tree_node.borrow().account.address.0.clone();
+
+		commands::vault::fetch_vault_keypair_for_address(data, address).await?
+	} else if let Some(secret_format) = secret_provider.secret_format {
+		let keypair = get_keypair(
+			secret_format,
+			secret_provider.secret.as_deref(),
+			secret_provider.crypto_scheme,
+		)?;
+		println!(
+			"target address:'{}' (using crypto-scheme:{})",
+			keypair.address(),
+			<&'static str>::from(secret_provider.crypto_scheme)
+		);
+		keypair
+	} else {
+		return Err(GcliError::Input(
+			"One of `address`/`vault_name`/`secret_format`(and optional `secret` & `crypto_scheme`) must be provided".to_string(),
+		));
+	};
+
+	Ok(key_pair)
+}
+
 // ======================
 
 // TODO derive this automatically