diff --git a/app.go b/app.go
index b40ad53..be68785 100644
--- a/app.go
+++ b/app.go
@@ -3,8 +3,6 @@ package main
 import (
 	"context"
 	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
 	"strconv"
 
 	"github.com/fasthttp/router"
@@ -12,7 +10,6 @@ import (
 	"github.com/nspcc-dev/cdn-neofs-sdk/creds/neofs"
 	"github.com/nspcc-dev/cdn-neofs-sdk/logger"
 	"github.com/nspcc-dev/cdn-neofs-sdk/pool"
-	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/spf13/viper"
 	"github.com/valyala/fasthttp"
 	"go.uber.org/zap"
@@ -79,20 +76,20 @@ func newApp(ctx context.Context, opt ...Option) App {
 
 	a.wlog = logger.GRPC(a.log)
 
-	if a.cfg.GetBool("verbose") {
+	if a.cfg.GetBool(cmdVerbose) {
 		grpclog.SetLoggerV2(a.wlog)
 	}
 
-	conTimeout := a.cfg.GetDuration("connect_timeout")
-	reqTimeout := a.cfg.GetDuration("request_timeout")
-	tckTimeout := a.cfg.GetDuration("rebalance_timer")
+	conTimeout := a.cfg.GetDuration(cfgConTimeout)
+	reqTimeout := a.cfg.GetDuration(cfgReqTimeout)
+	tckTimeout := a.cfg.GetDuration(cfgRebalance)
 
 	// -- setup FastHTTP server: --
 	a.web.Name = "neofs-http-gate"
-	a.web.ReadBufferSize = a.cfg.GetInt("web.read_buffer_size")
-	a.web.WriteBufferSize = a.cfg.GetInt("web.write_buffer_size")
-	a.web.ReadTimeout = a.cfg.GetDuration("web.read_timeout")
-	a.web.WriteTimeout = a.cfg.GetDuration("web.write_timeout")
+	a.web.ReadBufferSize = a.cfg.GetInt(cfgWebReadBufferSize)
+	a.web.WriteBufferSize = a.cfg.GetInt(cfgWebWriteBufferSize)
+	a.web.ReadTimeout = a.cfg.GetDuration(cfgWebReadTimeout)
+	a.web.WriteTimeout = a.cfg.GetDuration(cfgWebWriteTimeout)
 	a.web.GetOnly = true
 	a.web.DisableHeaderNamesNormalizing = true
 	a.web.NoDefaultServerHeader = true
@@ -101,8 +98,8 @@ func newApp(ctx context.Context, opt ...Option) App {
 
 	connections := make(map[string]float64)
 	for i := 0; ; i++ {
-		address := a.cfg.GetString("peers." + strconv.Itoa(i) + ".address")
-		weight := a.cfg.GetFloat64("peers." + strconv.Itoa(i) + ".weight")
+		address := a.cfg.GetString(cfgPeers + "." + strconv.Itoa(i) + ".address")
+		weight := a.cfg.GetFloat64(cfgPeers + "." + strconv.Itoa(i) + ".weight")
 		if address == "" {
 			break
 		}
@@ -113,7 +110,7 @@ func newApp(ctx context.Context, opt ...Option) App {
 			zap.Float64("weight", weight))
 	}
 
-	cred, err := prepareCredentials(a.cfg.GetString("key"), a.log)
+	cred, err := neofs.New(a.cfg.GetString(cmdNeoFSKey))
 	if err != nil {
 		a.log.Fatal("could not prepare credentials", zap.Error(err))
 	}
@@ -130,9 +127,9 @@ func newApp(ctx context.Context, opt ...Option) App {
 			grpc.WithBlock(),
 			grpc.WithInsecure(),
 			grpc.WithKeepaliveParams(keepalive.ClientParameters{
-				Time:                a.cfg.GetDuration("keepalive.time"),
-				Timeout:             a.cfg.GetDuration("keepalive.timeout"),
-				PermitWithoutStream: a.cfg.GetBool("keepalive.permit_without_stream"),
+				Time:                a.cfg.GetDuration(cfgKeepaliveTime),
+				Timeout:             a.cfg.GetDuration(cfgKeepaliveTimeout),
+				PermitWithoutStream: a.cfg.GetBool(cfgKeepalivePermitWithoutStream),
 			})))
 
 	if err != nil {
@@ -151,26 +148,6 @@ func newApp(ctx context.Context, opt ...Option) App {
 	return a
 }
 
-func prepareCredentials(key string, log *zap.Logger) (neofs.Credentials, error) {
-	if key == generated {
-		log.Fatal("Don't use generated key, deprecated")
-
-		sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-		if err != nil {
-			return nil, err
-		}
-
-		key, err = crypto.WIFEncode(sk)
-		if err != nil {
-			return nil, err
-		}
-
-		log.Info("generate new key", zap.String("wif", key))
-	}
-
-	return neofs.New(key)
-}
-
 func (a *app) Wait() {
 	a.log.Info("application started")
 
@@ -204,18 +181,18 @@ func (a *app) Serve(ctx context.Context) {
 	attachHealthy(r, a.pool.Status)
 
 	// enable metrics
-	if a.cfg.GetBool("metrics") {
+	if a.cfg.GetBool(cmdMetrics) {
 		a.log.Info("enabled /metrics/")
 		attachMetrics(r, a.wlog)
 	}
 
 	// enable pprof
-	if a.cfg.GetBool("pprof") {
+	if a.cfg.GetBool(cmdPprof) {
 		a.log.Info("enabled /debug/pprof/")
 		attachProfiler(r)
 	}
 
-	bind := a.cfg.GetString("listen_address")
+	bind := a.cfg.GetString(cfgListenAddress)
 	a.log.Info("run gateway server",
 		zap.String("address", bind))
 
diff --git a/settings.go b/settings.go
index 5b62e6c..a62ccd3 100644
--- a/settings.go
+++ b/settings.go
@@ -19,10 +19,6 @@ const (
 	devNull   = empty(0)
 	generated = "generated"
 
-	minimumTTLInMinutes = 5
-
-	defaultTTL = minimumTTLInMinutes * time.Minute
-
 	defaultRebalanceTimer = 15 * time.Second
 	defaultRequestTimeout = 15 * time.Second
 	defaultConnectTimeout = 30 * time.Second
@@ -30,6 +26,25 @@ const (
 	defaultKeepaliveTime    = 10 * time.Second
 	defaultKeepaliveTimeout = 10 * time.Second
 
+	cfgListenAddress = "listen_address"
+
+	// KeepAlive
+	cfgKeepaliveTime                = "keepalive.time"
+	cfgKeepaliveTimeout             = "keepalive.timeout"
+	cfgKeepalivePermitWithoutStream = "keepalive.permit_without_stream"
+
+	// Web
+	cfgWebReadBufferSize    = "web.read_buffer_size"
+	cfgWebWriteBufferSize   = "web.write_buffer_size"
+	cfgWebReadTimeout       = "web.read_timeout"
+	cfgWebWriteTimeout      = "web.write_timeout"
+	cfgWebConnectionPerHost = "web.connection_per_host"
+
+	// Timeouts
+	cfgConTimeout = "con_timeout"
+	cfgReqTimeout = "req_timeout"
+	cfgRebalance  = "rebalance_timer"
+
 	// Logger:
 	cfgLoggerLevel              = "logger.level"
 	cfgLoggerFormat             = "logger.format"
@@ -48,8 +63,12 @@ const (
 	cfgApplicationBuildTime = "app.build_time"
 
 	// command line args
-	cmdHelp    = "help"
-	cmdVersion = "version"
+	cmdHelp     = "help"
+	cmdVersion  = "version"
+	cmdVerbose  = "verbose"
+	cmdPprof    = "pprof"
+	cmdMetrics  = "metrics"
+	cmdNeoFSKey = "key"
 )
 
 var ignore = map[string]struct{}{
@@ -77,23 +96,21 @@ func settings() *viper.Viper {
 	flags.SetOutput(os.Stdout)
 	flags.SortFlags = false
 
-	flags.Bool("pprof", false, "enable pprof")
-	flags.Bool("metrics", false, "enable prometheus")
+	flags.Bool(cmdPprof, false, "enable pprof")
+	flags.Bool(cmdMetrics, false, "enable prometheus")
 
 	help := flags.BoolP(cmdHelp, "h", false, "show help")
 	version := flags.BoolP(cmdVersion, "v", false, "show version")
 
-	flags.String("key", generated, `"`+generated+`" to generate key, path to private key file, hex string or wif`)
+	flags.String(cmdNeoFSKey, "", `"Path to private key file, hex string or wif`)
 
-	flags.Bool("verbose", false, "debug gRPC connections")
-	flags.Duration("request_timeout", defaultRequestTimeout, "gRPC request timeout")
-	flags.Duration("connect_timeout", defaultConnectTimeout, "gRPC connect timeout")
-	flags.Duration("rebalance_timer", defaultRebalanceTimer, "gRPC connection rebalance timer")
+	flags.Bool(cmdVerbose, false, "debug gRPC connections")
+	flags.Duration(cfgConTimeout, defaultConnectTimeout, "gRPC connect timeout")
+	flags.Duration(cfgReqTimeout, defaultRequestTimeout, "gRPC request timeout")
+	flags.Duration(cfgRebalance, defaultRebalanceTimer, "gRPC connection rebalance timer")
 
-	ttl := flags.DurationP("conn_ttl", "t", defaultTTL, "gRPC connection time to live")
-
-	flags.String("listen_address", "0.0.0.0:8082", "HTTP Gateway listen address")
-	peers := flags.StringArrayP("peers", "p", nil, "NeoFS nodes")
+	flags.String(cfgListenAddress, "0.0.0.0:8082", "HTTP Gateway listen address")
+	peers := flags.StringArrayP(cfgPeers, "p", nil, "NeoFS nodes")
 
 	// set prefers:
 	v.Set(cfgApplicationName, "neofs-http-gw")
@@ -112,16 +129,16 @@ func settings() *viper.Viper {
 
 	// keepalive:
 	// If set below 10s, a minimum value of 10s will be used instead.
-	v.SetDefault("keepalive.time", defaultKeepaliveTime)
-	v.SetDefault("keepalive.timeout", defaultKeepaliveTimeout)
-	v.SetDefault("keepalive.permit_without_stream", true)
+	v.SetDefault(cfgKeepaliveTime, defaultKeepaliveTime)
+	v.SetDefault(cfgKeepaliveTimeout, defaultKeepaliveTimeout)
+	v.SetDefault(cfgKeepalivePermitWithoutStream, true)
 
 	// web-server:
-	v.SetDefault("web.read_buffer_size", 4096)
-	v.SetDefault("web.write_buffer_size", 4096)
-	v.SetDefault("web.read_timeout", time.Second*15)
-	v.SetDefault("web.write_timeout", time.Minute)
-	v.SetDefault("web.connection_per_host", 10)
+	v.SetDefault(cfgWebReadBufferSize, 4096)
+	v.SetDefault(cfgWebWriteBufferSize, 4096)
+	v.SetDefault(cfgWebReadTimeout, time.Second*15)
+	v.SetDefault(cfgWebWriteTimeout, time.Minute)
+	v.SetDefault(cfgWebConnectionPerHost, 10)
 
 	if err := v.BindPFlags(flags); err != nil {
 		panic(err)
@@ -166,8 +183,6 @@ func settings() *viper.Viper {
 	case version != nil && *version:
 		fmt.Printf("NeoFS HTTP Gateway %s (%s)\n", Version, Build)
 		os.Exit(0)
-	case ttl != nil && ttl.Minutes() < minimumTTLInMinutes:
-		fmt.Printf("connection ttl should not be less than %s", defaultTTL)
 	}
 
 	if peers != nil && len(*peers) > 0 {