diff --git a/pkg/api/entries.go b/pkg/api/entries.go index da2be72436251e1039985fd615a75bd64e053d4c..fd6d2bb74cdf673fe583fa89f2727ad1db160b45 100644 --- a/pkg/api/entries.go +++ b/pkg/api/entries.go @@ -194,7 +194,12 @@ func createLogEntry(params entries.CreateLogEntryParams) (models.LogEntry, middl if viper.GetBool("enable_retrieve_api") { go func() { - for _, key := range entry.IndexKeys() { + keys, err := entry.IndexKeys() + if err != nil { + log.RequestIDLogger(params.HTTPRequest).Error(err) + return + } + for _, key := range keys { if err := addToIndex(context.Background(), key, uuid); err != nil { log.RequestIDLogger(params.HTTPRequest).Error(err) } diff --git a/pkg/types/alpine/alpine_test.go b/pkg/types/alpine/alpine_test.go index 331306b0e37667144f075fb1964081243de7b575..a1e5741e7cfc84db0be4b52d0375d7e84eb26616 100644 --- a/pkg/types/alpine/alpine_test.go +++ b/pkg/types/alpine/alpine_test.go @@ -38,8 +38,8 @@ func (u UnmarshalTester) APIVersion() string { return "2.0.1" } -func (u UnmarshalTester) IndexKeys() []string { - return []string{} +func (u UnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil } func (u UnmarshalTester) Canonicalize(ctx context.Context) ([]byte, error) { diff --git a/pkg/types/alpine/v0.0.1/entry.go b/pkg/types/alpine/v0.0.1/entry.go index 18c1c7fe43534ee0d78f8425d789c4405bbe9522..4d1877332533a42c258e01fd15af215590487bc0 100644 --- a/pkg/types/alpine/v0.0.1/entry.go +++ b/pkg/types/alpine/v0.0.1/entry.go 
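Review bot: The new error branch in pkg/api/entries.go logs only `err`, so a failed IndexKeys call cannot be tied to the entry that was left out of the index. `uuid` is in scope (it is passed to `addToIndex` just below) and belongs in the message, e.g. `log.RequestIDLogger(params.HTTPRequest).Errorf("computing index keys for entry %s: %v", uuid, err)`, assuming the request logger exposes `Errorf` the way `log.Logger.Infof` is used elsewhere in this commit. Because this runs in a goroutine, the request appears to complete regardless, and an entry that is logged but never indexed would be invisible to anyone monitoring through index queries. A short comment on the `return` stating that indexing is best-effort would make that explicit. createLogEntry starts and ends outside the hunk.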
@@ -65,23 +65,15 @@ func NewEntry() types.EntryImpl { return &V001Entry{} } -func (v V001Entry) IndexKeys() []string { +func (v V001Entry) IndexKeys() ([]string, error) { var result []string - if v.hasExternalEntities() { - if err := v.fetchExternalEntities(context.Background()); err != nil { - log.Logger.Error(err) - return result - } - } - key, err := v.keyObj.CanonicalValue() if err != nil { - log.Logger.Error(err) - } else { - keyHash := sha256.Sum256(key) - result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) + return nil, err } + keyHash := sha256.Sum256(key) + result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) result = append(result, v.keyObj.EmailAddresses()...) @@ -90,7 +82,7 @@ func (v V001Entry) IndexKeys() []string { result = append(result, hashKey) } - return result + return result, nil } func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error { diff --git a/pkg/types/entries.go b/pkg/types/entries.go index e04648250bc7fedd9c418815515b0ce7abf0e932..0d5c3ebafd912cb6a72d6b9b9668e1137c1b687a 100644 --- a/pkg/types/entries.go +++ b/pkg/types/entries.go @@ -32,7 +32,7 @@ import ( // EntryImpl specifies the behavior of a versioned type type EntryImpl interface { APIVersion() string // the supported versions for this implementation - IndexKeys() []string // the keys that should be added to the external index for this entry + IndexKeys() ([]string, error) // the keys that should be added to the external index for this entry Canonicalize(ctx context.Context) ([]byte, error) // marshal the canonical entry to be put into the tlog Unmarshal(e models.ProposedEntry) error // unmarshal the abstract entry into the specific struct for this versioned type Attestation() (string, []byte) diff --git a/pkg/types/hashedrekord/hashedrekord_test.go b/pkg/types/hashedrekord/hashedrekord_test.go index d3ed2e28dbe6a451a5254fe395eb57bfda156e35..0abde63299cd390f2ce1c3439464db5212bc864a 100644 
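Review bot: Nothing in the new IndexKeys in pkg/types/alpine/v0.0.1/entry.go checks that `v.keyObj` is set before `v.keyObj.CanonicalValue()`, now that the fetchExternalEntities call that preceded it is gone. If keyObj is an interface or pointer (its declaration is not visible here), a call on an unset value would panic, and the only caller shown in this commit runs IndexKeys in a goroutine in createLogEntry with no recover visible in that hunk. A guard at the top, `if v.keyObj == nil { return nil, errors.New("key object not initialized") }`, would turn that into the error the new signature is there to carry (it needs the `errors` import if the file lacks it). The same applies to the helm, jar and rpm IndexKeys hunks, and to tuf with `v.sigObj`.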
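Review bot: The comment on `IndexKeys() ([]string, error)` in pkg/types/entries.go does not say what the returned slice means when the error is non-nil, and the implementations in this commit disagree: most return `nil, err`, while the intoto one returns `result, err` with whatever was appended before the failure. I would state the contract on the interface, for example `// IndexKeys returns the keys to add to the external index for this entry; on a non-nil error the slice must be ignored`. The EntryImpl declaration continues past the hunk.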
--- a/pkg/types/hashedrekord/hashedrekord_test.go +++ b/pkg/types/hashedrekord/hashedrekord_test.go @@ -42,8 +42,8 @@ func (u UnmarshalTester) APIVersion() string { return "2.0.1" } -func (u UnmarshalTester) IndexKeys() []string { - return []string{} +func (u UnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil } func (u UnmarshalTester) Canonicalize(ctx context.Context) ([]byte, error) { diff --git a/pkg/types/hashedrekord/v0.0.1/entry.go b/pkg/types/hashedrekord/v0.0.1/entry.go index c4eab2822306fb8707ac04477607b330f1be58a3..80a49a1c4238a7c4a50bea5e2ae8e05b3d45c10f 100644 --- a/pkg/types/hashedrekord/v0.0.1/entry.go +++ b/pkg/types/hashedrekord/v0.0.1/entry.go @@ -63,17 +63,15 @@ func NewEntry() types.EntryImpl { return &V001Entry{} } -func (v V001Entry) IndexKeys() []string { +func (v V001Entry) IndexKeys() ([]string, error) { var result []string key, err := v.keyObj.CanonicalValue() if err != nil { - log.Logger.Error(err) - } else { - keyHash := sha256.Sum256(key) - result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) + return nil, err } - + keyHash := sha256.Sum256(key) + result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) result = append(result, v.keyObj.EmailAddresses()...) if v.HashedRekordObj.Data.Hash != nil { @@ -81,7 +79,7 @@ func (v V001Entry) IndexKeys() []string { result = append(result, hashKey) } - return result + return result, nil } func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error { diff --git a/pkg/types/helm/helm_test.go b/pkg/types/helm/helm_test.go index b4402b95e766b06fbedd20a2b61291e0540f81aa..e628a5783b2af299ef1d7f4c740dc3da8ae4f6fd 100644 --- a/pkg/types/helm/helm_test.go +++ b/pkg/types/helm/helm_test.go 
@@ -42,8 +42,8 @@ func (u UnmarshalTester) APIVersion() string { return "2.0.1" } -func (u UnmarshalTester) IndexKeys() []string { - return []string{} +func (u UnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil } func (u UnmarshalTester) Canonicalize(ctx context.Context) ([]byte, error) { diff --git a/pkg/types/helm/v0.0.1/entry.go b/pkg/types/helm/v0.0.1/entry.go index 530764bb87de9c0fb93c1221603a2dd788947cba..7f94a14feabf6d0be2ac368b3b6ec95169b3117f 100644 --- a/pkg/types/helm/v0.0.1/entry.go +++ b/pkg/types/helm/v0.0.1/entry.go @@ -66,23 +66,15 @@ func NewEntry() types.EntryImpl { return &V001Entry{} } -func (v V001Entry) IndexKeys() []string { +func (v V001Entry) IndexKeys() ([]string, error) { var result []string - if v.hasExternalEntities() { - if err := v.fetchExternalEntities(context.Background()); err != nil { - log.Logger.Error(err) - return result - } - } - key, err := v.keyObj.CanonicalValue() if err != nil { - log.Logger.Error(err) - } else { - keyHash := sha256.Sum256(key) - result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) + return nil, err } + keyHash := sha256.Sum256(key) + result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) result = append(result, v.keyObj.EmailAddresses()...) @@ -95,7 +87,7 @@ func (v V001Entry) IndexKeys() []string { result = append(result, hashKey) } - return result + return result, nil } func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error { diff --git a/pkg/types/intoto/intoto_test.go b/pkg/types/intoto/intoto_test.go index 35b1d0481c2d73e16d25e3255ea24829e062099e..7ff7cfdb02204989a66fdd65ac690bd497052dbe 100644 --- a/pkg/types/intoto/intoto_test.go +++ b/pkg/types/intoto/intoto_test.go 
@@ -42,8 +42,8 @@ func (u UnmarshalTester) APIVersion() string { return "2.0.1" } -func (u UnmarshalTester) IndexKeys() []string { - return []string{} +func (u UnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil } func (u UnmarshalTester) Canonicalize(ctx context.Context) ([]byte, error) { diff --git a/pkg/types/intoto/v0.0.1/entry.go b/pkg/types/intoto/v0.0.1/entry.go index 9fb0e782e1f85a0c2d63026ab550a07fe4ab5ae1..262e8b5c11ecf6ff626d086e567ae96cbcc4fb92 100644 --- a/pkg/types/intoto/v0.0.1/entry.go +++ b/pkg/types/intoto/v0.0.1/entry.go @@ -69,7 +69,7 @@ func NewEntry() types.EntryImpl { return &V001Entry{} } -func (v V001Entry) IndexKeys() []string { +func (v V001Entry) IndexKeys() ([]string, error) { var result []string h := sha256.Sum256([]byte(v.env.Payload)) @@ -80,8 +80,7 @@ func (v V001Entry) IndexKeys() []string { case in_toto.PayloadType: statement, err := parseStatement(v.env.Payload) if err != nil { - log.Logger.Info("invalid id in_toto Statement") - return result + return result, err } for _, s := range statement.Subject { for alg, ds := range s.Digest { @@ -91,7 +90,7 @@ func (v V001Entry) IndexKeys() []string { default: log.Logger.Infof("Unknown in_toto Statement Type: %s", v.env.PayloadType) } - return result + return result, nil } func parseStatement(p string) (*in_toto.Statement, error) { diff --git a/pkg/types/intoto/v0.0.1/entry_test.go b/pkg/types/intoto/v0.0.1/entry_test.go index f03554417ecd7090809576af387fe1a67740bed5..b0b65f14deb6f51ce094a96944507c0d30275155 100644 --- a/pkg/types/intoto/v0.0.1/entry_test.go +++ b/pkg/types/intoto/v0.0.1/entry_test.go @@ -204,7 +204,7 @@ func TestV001Entry_Unmarshal(t *testing.T) { if err := v.validate(); err != nil { return err } - keys := v.IndexKeys() + keys, _ := v.IndexKeys() h := sha256.Sum256([]byte(v.env.Payload)) sha := "sha256:" + hex.EncodeToString(h[:]) if keys[0] != sha { 
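Review bot: An envelope whose statement fails `parseStatement` in pkg/types/intoto/v0.0.1/entry.go is no longer indexed at all. The old code logged the failure and still returned the keys collected so far (presumably the payload hash), but with `return result, err` the caller in createLogEntry stops before adding anything. If that is intended, return `nil` and add context, e.g. `return nil, fmt.Errorf("parsing in_toto statement: %w", err)` (assuming `fmt` is imported in this file); if it is not, this branch should keep logging and fall through. The `default:` branch still only logs an unknown payload type, which deserves a one-line comment saying it is deliberately non-fatal.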
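Review bot: Both updated call sites in pkg/types/intoto/v0.0.1/entry_test.go discard the new error (`keys, _ := v.IndexKeys()` in TestV001Entry_Unmarshal and `got, _ := v.IndexKeys()` in TestV001Entry_IndexKeys). The error path this commit introduces is therefore never exercised, and `keys[0]` would panic on an empty slice instead of failing the test. I would check it with `keys, err := v.IndexKeys()` followed by `if err != nil { return err }`, and add a table case with an unparseable statement that expects an error. In the second hunk the failure message prints `tt.want` although the comparison uses `want`; `t.Errorf("V001Entry.IndexKeys() = %v, want %v", got, want)` would report what was actually compared.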
@@ -268,7 +268,7 @@ func TestV001Entry_IndexKeys(t *testing.T) { // Always start with the hash want := []string{"sha256:" + hex.EncodeToString(sha[:])} want = append(want, tt.want...) - if got := v.IndexKeys(); !reflect.DeepEqual(got, want) { + if got, _ := v.IndexKeys(); !reflect.DeepEqual(got, want) { t.Errorf("V001Entry.IndexKeys() = %v, want %v", got, tt.want) } }) diff --git a/pkg/types/jar/jar_test.go b/pkg/types/jar/jar_test.go index 683a31ce58fca3e713e1ba42b95bf9ce883da1aa..92ee515ac1c65efa236e0c72a4bdfe35c557d04a 100644 --- a/pkg/types/jar/jar_test.go +++ b/pkg/types/jar/jar_test.go @@ -37,8 +37,8 @@ func (u UnmarshalTester) APIVersion() string { return "2.0.1" } -func (u UnmarshalTester) IndexKeys() []string { - return []string{} +func (u UnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil } func (u UnmarshalTester) Canonicalize(ctx context.Context) ([]byte, error) { diff --git a/pkg/types/jar/v0.0.1/entry.go b/pkg/types/jar/v0.0.1/entry.go index e033d07a8ec5de45ac225a7368e74b38c700a649..8e395eb10901ffa4b488f087132eeb7f8ed323bb 100644 --- a/pkg/types/jar/v0.0.1/entry.go +++ b/pkg/types/jar/v0.0.1/entry.go 
@@ -70,30 +70,22 @@ func NewEntry() types.EntryImpl { return &V001Entry{} } -func (v V001Entry) IndexKeys() []string { +func (v V001Entry) IndexKeys() ([]string, error) { var result []string - if v.hasExternalEntities() { - if err := v.fetchExternalEntities(context.Background()); err != nil { - log.Logger.Error(err) - return result - } - } - key, err := v.keyObj.CanonicalValue() if err != nil { - log.Logger.Error(err) - } else { - keyHash := sha256.Sum256(key) - result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) + return nil, err } + keyHash := sha256.Sum256(key) + result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) if v.JARModel.Archive.Hash != nil { hashKey := strings.ToLower(fmt.Sprintf("%s:%s", *v.JARModel.Archive.Hash.Algorithm, *v.JARModel.Archive.Hash.Value)) result = append(result, hashKey) } - return result + return result, nil } func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error { diff --git a/pkg/types/rekord/rekord_test.go b/pkg/types/rekord/rekord_test.go index 20b29232d0bf65f55de638d5ea5b767d7d1f6a7b..1f781eb31363582be6cb4006efd55f643196efca 100644 --- a/pkg/types/rekord/rekord_test.go +++ b/pkg/types/rekord/rekord_test.go @@ -42,8 +42,8 @@ func (u UnmarshalTester) APIVersion() string { return "2.0.1" } -func (u UnmarshalTester) IndexKeys() []string { - return []string{} +func (u UnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil } func (u UnmarshalTester) Canonicalize(ctx context.Context) ([]byte, error) { diff --git a/pkg/types/rekord/v0.0.1/entry.go b/pkg/types/rekord/v0.0.1/entry.go index d0423f973c8de1133b53b68dff25e3a1b5945fb5..5412d709593fda5759f16f7da66b58215971e8ef 100644 --- a/pkg/types/rekord/v0.0.1/entry.go +++ b/pkg/types/rekord/v0.0.1/entry.go 
@@ -64,7 +64,7 @@ func NewEntry() types.EntryImpl { return &V001Entry{} } -func (v V001Entry) IndexKeys() []string { +func (v V001Entry) IndexKeys() ([]string, error) { var result []string key, err := v.keyObj.CanonicalValue() @@ -82,7 +82,7 @@ func (v V001Entry) IndexKeys() []string { result = append(result, hashKey) } - return result + return result, nil } func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error { diff --git a/pkg/types/rfc3161/rfc3161_test.go b/pkg/types/rfc3161/rfc3161_test.go index 17b447d9d1ce930185032f4acf3a369822293f0d..dd8c6e642f946c4fb0b246a87bd94f3ea47b6acb 100644 --- a/pkg/types/rfc3161/rfc3161_test.go +++ b/pkg/types/rfc3161/rfc3161_test.go @@ -42,8 +42,8 @@ func (u UnmarshalTester) APIVersion() string { return "2.0.1" } -func (u UnmarshalTester) IndexKeys() []string { - return []string{} +func (u UnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil } func (u UnmarshalTester) Canonicalize(ctx context.Context) ([]byte, error) { diff --git a/pkg/types/rfc3161/v0.0.1/entry.go b/pkg/types/rfc3161/v0.0.1/entry.go index 118c8f69269afb23c74e6f70f065bcb7ae029424..f67e1e5f7225899f7c0d976e9a685d4eee20d69e 100644 --- a/pkg/types/rfc3161/v0.0.1/entry.go +++ b/pkg/types/rfc3161/v0.0.1/entry.go @@ -76,22 +76,21 @@ func NewEntryFromBytes(timestamp []byte) models.ProposedEntry { } } -func (v V001Entry) IndexKeys() []string { +func (v V001Entry) IndexKeys() ([]string, error) { var result []string str := v.Rfc3161Obj.Tsr.Content.String() tb, err := base64.StdEncoding.DecodeString(str) if err != nil { - log.Logger.Warn(err) - } else { - h := sha256.Sum256(tb) - hx := hex.EncodeToString(h[:]) - - payloadKey := "sha256:" + hx - result = append(result, payloadKey) + return nil, err } + h := sha256.Sum256(tb) + hx := hex.EncodeToString(h[:]) + + payloadKey := "sha256:" + hx + result = append(result, payloadKey) - return result + return result, nil } func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error { 
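Review bot: The error from `v.keyObj.CanonicalValue()` in pkg/types/rekord/v0.0.1/entry.go is presumably still logged and swallowed, since the lines that handle it sit between the two hunks and the commit leaves them untouched. If so, rekord would return a nil error with a key list that lacks the public-key hash, while alpine and hashedrekord now fail in the same situation; `if err != nil { return nil, err }` would bring it in line. The tuf hunk looks the same for `v.sigObj.CanonicalValue()`: its `if err != nil {` branch is unchanged context, while the type-assertion failure just below it now returns an error.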
diff --git a/pkg/types/rpm/rpm_test.go b/pkg/types/rpm/rpm_test.go index 8fe48d11dc90a426453d6dc016161821d2b877ea..df276d5ac485e2d789a592d0d37180fc4979e18c 100644 --- a/pkg/types/rpm/rpm_test.go +++ b/pkg/types/rpm/rpm_test.go @@ -38,8 +38,8 @@ func (u UnmarshalTester) APIVersion() string { return "2.0.1" } -func (u UnmarshalTester) IndexKeys() []string { - return []string{} +func (u UnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil } func (u UnmarshalTester) Canonicalize(ctx context.Context) ([]byte, error) { diff --git a/pkg/types/rpm/v0.0.1/entry.go b/pkg/types/rpm/v0.0.1/entry.go index ae6bbf49f02a79c7d7a08a63f70a98aa58c80057..c9d71f0043d5e31dc9556b1383b16bf1893d5653 100644 --- a/pkg/types/rpm/v0.0.1/entry.go +++ b/pkg/types/rpm/v0.0.1/entry.go @@ -67,23 +67,15 @@ func NewEntry() types.EntryImpl { return &V001Entry{} } -func (v V001Entry) IndexKeys() []string { +func (v V001Entry) IndexKeys() ([]string, error) { var result []string - if v.HasExternalEntities() { - if err := v.FetchExternalEntities(context.Background()); err != nil { - log.Logger.Error(err) - return result - } - } - key, err := v.keyObj.CanonicalValue() if err != nil { - log.Logger.Error(err) - } else { - keyHash := sha256.Sum256(key) - result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) + return nil, err } + keyHash := sha256.Sum256(key) + result = append(result, strings.ToLower(hex.EncodeToString(keyHash[:]))) result = append(result, v.keyObj.EmailAddresses()...) @@ -92,7 +84,7 @@ func (v V001Entry) IndexKeys() []string { result = append(result, hashKey) } - return result + return result, nil } func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error { diff --git a/pkg/types/tuf/tuf_test.go b/pkg/types/tuf/tuf_test.go index 30016634364bd8945bc1ec5ff6a4d1c2fd23a1a6..172d0cb3ca36b9a68db019bb3c442c1edc46ba53 100644 --- a/pkg/types/tuf/tuf_test.go +++ b/pkg/types/tuf/tuf_test.go 
@@ -38,8 +38,8 @@ func (u UnmarshalTester) APIVersion() string { return "2.0.1" } -func (u UnmarshalTester) IndexKeys() []string { - return []string{} +func (u UnmarshalTester) IndexKeys() ([]string, error) { + return []string{}, nil } func (u UnmarshalTester) Canonicalize(ctx context.Context) ([]byte, error) { diff --git a/pkg/types/tuf/v0.0.1/entry.go b/pkg/types/tuf/v0.0.1/entry.go index f92dc2c579042ad0060299abbf9687312a5f7684..afe78fe069fb6aadf12653ea18e15ded8b26a3b8 100644 --- a/pkg/types/tuf/v0.0.1/entry.go +++ b/pkg/types/tuf/v0.0.1/entry.go @@ -76,16 +76,9 @@ func NewEntry() types.EntryImpl { return &V001Entry{} } -func (v V001Entry) IndexKeys() []string { +func (v V001Entry) IndexKeys() ([]string, error) { var result []string - if v.hasExternalEntities() { - if err := v.fetchExternalEntities(context.Background()); err != nil { - log.Logger.Error(err) - return result - } - } - // Index metadata hash, type, and version. metadata, err := v.sigObj.CanonicalValue() if err != nil { @@ -97,8 +90,7 @@ func (v V001Entry) IndexKeys() []string { signed, ok := v.sigObj.(*ptuf.Signature) if !ok { - log.Logger.Error(errors.New("invalid metadata format")) - return result + return nil, errors.New("invalid metadata format") } result = append(result, signed.Role) @@ -114,7 +106,7 @@ func (v V001Entry) IndexKeys() []string { } // TODO: Index individual key IDs - return result + return result, nil } func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error {