diff --git a/automation/test.sh b/automation/test.sh
index 45b094fb..f923350e 100755
--- a/automation/test.sh
+++ b/automation/test.sh
@@ -16,6 +16,7 @@ test_id=$(docker run \
 	-e RESIN_API_HOST=api.resindev.io \
 	-e RESIN_VPN_GATEWAY=10.2.0.1 \
 	-e VPN_SERVICE_API_KEY=test_api_key \
+	-e PROXY_SERVICE_API_KEY=test_proxy_key \
 	-e VPN_HOST=127.0.0.1 \
 	-e VPN_MANAGEMENT_PORT=11195 \
 	-e VPN_API_PORT=80 \
diff --git a/test/connect-proxy/device.coffee b/test/connect-proxy/device.coffee
index d7ff7bec..acaf052c 100644
--- a/test/connect-proxy/device.coffee
+++ b/test/connect-proxy/device.coffee
@@ -9,8 +9,6 @@ expect = chai.expect
 
 nock.disableNetConnect()
 
-process.env.VPN_SERVICE_API_KEY = 'test-vpn-service-api-key'
-
 { getDeviceByUUID, isAccessible } = require '../../src/connect-proxy/device'
 
 beforeEach ->
@@ -75,6 +73,19 @@ describe 'isAccessible()', ->
 		access = isAccessible(@mockDevice, 80, null)
 		expect(access).to.be.false
 
+	it 'should allow access for the proxy on port 22222', ->
+		auth =
+			username: 'resin_proxy'
+			password: process.env.PROXY_SERVICE_API_KEY
+
+		access = isAccessible(@mockDevice, 22222, auth)
+		expect(access).to.be.true
+
+	it 'should disallow unauthorized access on port 22222', ->
+		@mockDevice.is_web_accessible = true
+		access = isAccessible(@mockDevice, 22222, null)
+		expect(access).to.be.false
+
 	it 'should disallow access when port is not allowed', ->
 		@mockDevice.is_web_accessible = true
 		access = isAccessible(@mockDevice, 22, null)