diff --git a/barbicanclient/keep.py b/barbicanclient/keep.py
index 29859a86..f873df1d 100644
--- a/barbicanclient/keep.py
+++ b/barbicanclient/keep.py
@@ -23,26 +23,30 @@ from barbicanclient import client
 
 class Keep:
     def __init__(self):
-        self.parser = self.get_main_parser()
-        self.subparsers = self.parser.add_subparsers(title='subcommands',
-                                                     description=
-                                                     'Action to perform')
-        self.add_create_args()
+        self.parser = self._get_main_parser()
+        self.subparsers = self.parser.add_subparsers(
+            title='subcommands',
+            metavar='<action>',
+            description='Action to perform'
+        )
+        self._add_create_args()
         self._add_store_args()
-        self.add_get_args()
-        self.add_list_args()
-        self.add_delete_args()
+        self._add_get_args()
+        self._add_list_args()
+        self._add_delete_args()
 
-    def get_main_parser(self):
+    def _get_main_parser(self):
         parser = argparse.ArgumentParser(
             description=__doc__.strip()
         )
         parser.add_argument('command',
+                            metavar='<entity>',
                             choices=['order', 'secret'],
-                            help='Entity used for command.')
+                            help='Entity used for command, e.g.,'
+                                 ' order, secret.')
         auth_group = parser.add_mutually_exclusive_group()
         auth_group.add_argument('--no-auth', '-N', action='store_true',
-                                help='Do not use authentication')
+                                help='Do not use authentication.')
         auth_group.add_argument('--os-auth-url', '-A',
                                 metavar='<auth-url>',
                                 default=client.env('OS_AUTH_URL'),
@@ -69,24 +73,26 @@ class Keep:
                             help='Defaults to env[BARBICAN_ENDPOINT].')
         return parser
 
-    def add_create_args(self):
+    def _add_create_args(self):
         create_parser = self.subparsers.add_parser('create',
                                                    help='Create a new order.')
         create_parser.add_argument('--name', '-n',
                                    help='a human-friendly name.')
         create_parser.add_argument('--algorithm', '-a', default='aes',
-                                   help='the algorithm (default: %(default)s).')
+                                   help='the algorithm to be used with the '
+                                        'requested key (default: %(default)s).')
         create_parser.add_argument('--bit-length', '-b', default=256,
-                                   help='the bit length '
-                                        '(default: %(default)s).',
+                                   help='the bit length of the requested secret'
+                                        ' key (default: %(default)s).',
                                    type=int)
         create_parser.add_argument('--mode', '-m', default='cbc',
-                                   help='the algorithmm mode; used only for '
-                                   'reference (default: %(default)s)')
+                                   help='the algorithmm mode to be used with '
+                                   'the rquested key (default: %(default)s).')
         create_parser.add_argument('--payload-content-type', '-t',
+                                   default='application/octet-stream',
                                    help='the type/format of the secret to be'
-                                        ' generated.')
-        create_parser.add_argument('--expiration', '-e', help='the expiration '
+                                        ' generated (default: %(default)s).')
+        create_parser.add_argument('--expiration', '-x', help='the expiration '
                                    'time for the secret in ISO 8601 format.')
         create_parser.set_defaults(func=self.create)
 
@@ -105,7 +111,7 @@ class Keep:
                                   'secret data; "text/plain" is assumed to be'
                                   ' UTF-8; required when --payload is'
                                   ' supplied.')
-        store_parser.add_argument('--payload-content-encoding', '-d',
+        store_parser.add_argument('--payload-content-encoding', '-e',
                                   help='required if --payload-content-type is'
                                   ' "application/octet-stream".')
         store_parser.add_argument('--algorithm', '-a', default='aes',
@@ -117,37 +123,39 @@ class Keep:
         store_parser.add_argument('--mode', '-m', default='cbc',
                                   help='the algorithmm mode; used only for '
                                   'reference (default: %(default)s)')
-        store_parser.add_argument('--expiration', '-e', help='the expiration '
+        store_parser.add_argument('--expiration', '-x', help='the expiration '
                                   'time for the secret in ISO 8601 format.')
         store_parser.set_defaults(func=self.store)
 
-    def add_delete_args(self):
+    def _add_delete_args(self):
         delete_parser = self.subparsers.add_parser(
             'delete',
-            help='Delete a secret or an order by providing its UUID.'
+            help='Delete a secret or an order by providing its href.'
         )
-        delete_parser.add_argument('UUID', help='the universally unique identi'
-                                   'fier of the the secret or order')
+        delete_parser.add_argument('URI', help='The URI reference for the'
+                                               ' secret or order')
         delete_parser.set_defaults(func=self.delete)
 
-    def add_get_args(self):
+    def _add_get_args(self):
         get_parser = self.subparsers.add_parser(
             'get',
-            help='Retrieve a secret or an order by providing its UUID.'
+            help='Retrieve a secret or an order by providing its URI.'
         )
-        get_parser.add_argument('UUID', help='the universally unique identi'
-                                'fier of the the secret or order.')
-        get_parser.add_argument('--raw', '-r', help='if specified, gets the ra'
-                                'w secret of type specified with --payload_con'
-                                'tent_type (only used for secrets).',
+        get_parser.add_argument('URI', help='The URI reference for the secret'
+                                ' or order.')
+        get_parser.add_argument('--decrypt', '-d', help='if specified, keep'
+                                ' will retrieve the unencrypted secret data;'
+                                ' the data type can be specified with'
+                                ' --payload-content-type (only used for'
+                                ' secrets).',
                                 action='store_true')
         get_parser.add_argument('--payload_content_type', '-t',
                                 default='text/plain',
-                                help='the content type of the raw secret (defa'
-                                'ult: %(default)s; only used for secrets)')
+                                help='the content type of the decrypted secret '
+                                '(default: %(default)s; only used for secrets)')
         get_parser.set_defaults(func=self.get)
 
-    def add_list_args(self):
+    def _add_list_args(self):
         list_parser = self.subparsers.add_parser('list',
                                                  help='List secrets or orders')
         list_parser.add_argument('--limit', '-l', default=10, help='specify t'
@@ -170,6 +178,9 @@ class Keep:
                                                args.mode,
                                                args.expiration)
             print secret
+        else:
+            self.parser.exit(status=1, message='ERROR: store is only supported'
+                                               ' for secrets\n')
 
     def create(self, args):
         if args.command == 'order':
@@ -180,22 +191,25 @@ class Keep:
                                               args.mode,
                                               args.expiration)
             print order
+        else:
+            self.parser.exit(status=1, message='ERROR: create is only supported'
+                                               ' for orders\n')
 
     def delete(self, args):
         if args.command == 'secret':
-            self.client.secret.delete(args.UUID)
+            self.client.secret.delete(args.URI)
         else:
-            self.client.orders.delete(args.UUID)
+            self.client.orders.delete(args.URI)
 
     def get(self, args):
         if args.command == 'secret':
-            if args.raw:
-                print self.client.secrets.raw(args.UUID,
+            if args.decrypt:
+                print self.client.secrets.raw(args.URI,
                                               args.payload_content_type)
             else:
-                print self.client.secrets.get(args.UUID)
+                print self.client.secrets.get(args.URI)
         else:
-            print self.client.orders.get(args.UUID)
+            print self.client.orders.get(args.URI)
 
     def list(self, args):
         if args.command == 'secret':
@@ -211,15 +225,21 @@ class Keep:
         args = self.parser.parse_args(kwargs.get('argv'))
         if args.no_auth:
             self.client = client.Client(endpoint=args.endpoint,
-                                        tenant_id=args.tenant_id)
-        else:
-            self._keystone = auth.KeystoneAuth(auth_url=args.auth_url,
-                                               username=args.username,
-                                               password=args.password,
-                                               tenant_name=args.tenant_name)
+                                        tenant_id=args.os_tenant_id)
+        elif all([args.os_auth_url, args.os_username, args.os_password,
+                  args.os_tenant_name]):
+            self._keystone = auth.KeystoneAuth(auth_url=args.os_auth_url,
+                                               username=args.os_username,
+                                               password=args.os_password,
+                                               tenant_name=args.os_tenant_name)
             self.client = client.Client(auth_plugin=self._keystone,
                                         endpoint=args.endpoint,
                                         tenant_id=args.tenant_id)
+        else:
+            self.parser.exit(
+                status=1,
+                message='ERROR: please specify authentication credentials\n'
+            )
         args.func(args)
 
 
diff --git a/barbicanclient/orders.py b/barbicanclient/orders.py
index 34ed191e..b7420048 100644
--- a/barbicanclient/orders.py
+++ b/barbicanclient/orders.py
@@ -41,7 +41,7 @@ class Order(object):
                 "        secret href: {1}\n"
                 "        created: {2}\n"
                 "        status: {3}\n"
-                .format(self.order_ref, self.secret.secret_ref,
+                .format(self.order_ref, self.secret_ref,
                         self.created, self.status)
                 )
 
@@ -120,7 +120,7 @@ class OrderManager(base.BaseEntityManager):
         :param offset: Offset orders to begin list
         :returns: list of Order objects
         """
-        LOG.debug('Listing orders - offest {0} limit {1}').format(offset, limit)
+        LOG.debug('Listing orders - offest {0} limit {1}'.format(offset, limit))
         href = '{0}/{1}'.format(self.api.base_url, self.entity)
         params = {'limit': limit, 'offset': offset}
         resp = self.api.get(href, params)