diff --git a/fishctl/src/command/config/update/v1.rs b/fishctl/src/command/config/update/v1.rs
index 2e75dd8..9db4d1a 100644
--- a/fishctl/src/command/config/update/v1.rs
+++ b/fishctl/src/command/config/update/v1.rs
@@ -4,6 +4,7 @@
 use crate::{
     command::config::{read_file_as_string, ReadError},
     config::{client, server, Revision, CLIENT_CONFIG_PATH, SERVER_CONFIG_PATH},
+    util::vapid::{generate_vapid_keys, VapidError},
 };
 use color_print::cprintln;
 use sqlx::{postgres::PgConnectOptions, ConnectOptions};
@@ -29,6 +30,8 @@ pub(crate) enum Error {
     InvalidConfig(&'static str),
     #[error("failed to parse server URL")]
     InvalidUrl(#[from] url::ParseError),
+    #[error(transparent)]
+    Vapid(#[from] VapidError),
 }
 
 pub(super) async fn run(base_dir: &Path) -> Result<(), Error> {
@@ -158,7 +161,6 @@ struct Meta {
     smtp_port: Option<i32>,
     smtp_user: Option<String>,
     smtp_pass: Option<String>,
-    enable_service_worker: bool,
     sw_public_key: Option<String>,
     sw_private_key: Option<String>,
     pinned_users: Vec<String>,
@@ -309,6 +311,20 @@ fn create_new_server_config(
         url => Some(url.to_owned()),
     };
 
+    let service_worker = match (meta.sw_public_key.as_ref(), meta.sw_private_key.as_ref()) {
+        (Some(pubkey), Some(privkey)) => server::ServiceWorker {
+            public_key: pubkey.to_owned(),
+            private_key: privkey.to_owned(),
+        },
+        _ => {
+            let keypair = generate_vapid_keys()?;
+            server::ServiceWorker {
+                public_key: keypair.public_key,
+                private_key: keypair.private_key,
+            }
+        }
+    };
+
     let id: Option<server::Id> = if let Some(id) = default_yml.get("cuid") {
         let id = id.as_hash().ok_or(Error::InvalidConfig("cuid"))?;
         Some(server::Id {
@@ -571,6 +587,7 @@ fn create_new_server_config(
             },
         },
         id,
+        service_worker,
         security: todo!(),
         file,
     };
diff --git a/fishctl/src/command/generate.rs b/fishctl/src/command/generate.rs
index 6770328..eb49ed0 100644
--- a/fishctl/src/command/generate.rs
+++ b/fishctl/src/command/generate.rs
@@ -1,5 +1,6 @@
 mod vapid;
 
+use crate::util::vapid::VapidError;
 use clap::Subcommand;
 
 #[derive(Subcommand)]
@@ -12,7 +13,7 @@ pub(crate) enum Commands {
 #[derive(thiserror::Error, Debug)]
 pub(crate) enum GenerateError {
     #[error(transparent)]
-    Validate(#[from] vapid::VapidError),
+    Vapid(#[from] VapidError),
 }
 
 pub(super) fn run(command: Commands) -> Result<(), GenerateError> {
diff --git a/fishctl/src/command/generate/vapid.rs b/fishctl/src/command/generate/vapid.rs
index 980e99e..880cb1e 100644
--- a/fishctl/src/command/generate/vapid.rs
+++ b/fishctl/src/command/generate/vapid.rs
@@ -1,15 +1,13 @@
-#[derive(thiserror::Error, Debug)]
-#[error("failed to generate a Vapid key ({0})")]
-pub struct VapidError(String);
+use crate::util::vapid::{generate_vapid_keys, VapidError};
 
 pub(super) fn run() -> Result<(), VapidError> {
-    let keypair = vapid::Key::generate().map_err(|err| VapidError(err.to_string()))?;
+    let keypair = generate_vapid_keys()?;
 
     println!("public key:");
-    println!("{}", keypair.to_public_raw());
+    println!("{}", keypair.public_key);
     println!("");
     println!("private key:");
-    println!("{}", keypair.to_private_raw());
+    println!("{}", keypair.private_key);
 
     Ok(())
 }
diff --git a/fishctl/src/config/server.rs b/fishctl/src/config/server.rs
index e1ecc18..29eb858 100644
--- a/fishctl/src/config/server.rs
+++ b/fishctl/src/config/server.rs
@@ -24,6 +24,8 @@ pub struct Config {
     #[validate(nested)]
     pub cache_server: CacheServer,
     #[validate(nested)]
+    pub service_worker: ServiceWorker,
+    #[validate(nested)]
     pub id: Option<Id>,
     #[validate(nested)]
     pub file: Option<File>,
@@ -136,6 +138,12 @@ pub struct CacheServer {
     pub prefix: Option<String>,
 }
 
+#[derive(Deserialize, Serialize, Validate, Debug, Clone)]
+pub struct ServiceWorker {
+    pub public_key: String,
+    pub private_key: String,
+}
+
 #[derive(Deserialize, Serialize, Validate, Debug, Clone)]
 pub struct Id {
     #[validate(range(min = 16, max = 24))]
diff --git a/fishctl/src/main.rs b/fishctl/src/main.rs
index bf84826..7b4c33e 100644
--- a/fishctl/src/main.rs
+++ b/fishctl/src/main.rs
@@ -1,5 +1,6 @@
 mod command;
 mod config;
+mod util;
 
 use color_print::cprintln;
 use std::process::ExitCode;
diff --git a/fishctl/src/util/mod.rs b/fishctl/src/util/mod.rs
new file mode 100644
index 0000000..8eca996
--- /dev/null
+++ b/fishctl/src/util/mod.rs
@@ -0,0 +1 @@
+pub(crate) mod vapid;
diff --git a/fishctl/src/util/vapid.rs b/fishctl/src/util/vapid.rs
new file mode 100644
index 0000000..6bf8416
--- /dev/null
+++ b/fishctl/src/util/vapid.rs
@@ -0,0 +1,16 @@
+#[derive(thiserror::Error, Debug)]
+#[error("failed to generate a Vapid key ({0})")]
+pub struct VapidError(String);
+
+pub(crate) struct VapidKey {
+    pub(crate) public_key: String,
+    pub(crate) private_key: String,
+}
+
+pub(crate) fn generate_vapid_keys() -> Result<VapidKey, VapidError> {
+    let keypair = vapid::Key::generate().map_err(|err| VapidError(err.to_string()))?;
+    Ok(VapidKey {
+        public_key: keypair.to_public_raw(),
+        private_key: keypair.to_private_raw(),
+    })
+}