diff --git a/lib/do_profile/do_create.js b/lib/do_profile/do_create.js
index 428ff35..8157c65 100644
--- a/lib/do_profile/do_create.js
+++ b/lib/do_profile/do_create.js
@@ -259,6 +259,7 @@ function _createProfile(opts, cb) {
             }, {
                 desc: keyIdDesc,
                 key: 'keyId',
+                default: defaults.keyId,
                 validate: function validateKeyId(value, valCb) {
                     // First try as a fingerprint.
                     try {
diff --git a/lib/do_profile/profilecommon.js b/lib/do_profile/profilecommon.js
index 22cb75d..55a63b9 100644
--- a/lib/do_profile/profilecommon.js
+++ b/lib/do_profile/profilecommon.js
@@ -324,9 +324,10 @@ function profileDockerSetup(opts, cb) {
             }
 
             var kr = new auth.KeyRing();
-            kr.list(function (listErr, keyMap) {
-                if (listErr) {
-                    next(listErr);
+            var profileFp = sshpk.parseFingerprint(tritonapi.profile.keyId);
+            kr.find(profileFp, function (findErr, keyPairs) {
+                if (findErr) {
+                    next(findErr);
                     return;
                 }
 
@@ -334,7 +335,6 @@ function profileDockerSetup(opts, cb) {
                  * If our keyId was found, and with the 'homedir' plugin, then
                  * we should have access to the private key (modulo unlocking).
                  */
-                var keyPairs = keyMap[tritonapi.profile.keyId] || [];
                 var homedirKeyPair;
                 for (var i = 0; i < keyPairs.length; i++) {
                     if (keyPairs[i].plugin === 'homedir') {