diff --git a/cache.go b/cache.go
index 7fa54fd..379b0aa 100644
--- a/cache.go
+++ b/cache.go
@@ -62,6 +62,22 @@ func NewCache(backend SecretBackend, timeouts Timeouts, logConfig log.Config, no
 	return &Cache{logger, NewSecretMap(timeouts, now), backend, timeouts, now}
 }
 
+// Warmup reads the secret list from the backend to prime the cache.
+// Should only be called after creating a new cache on startup.
+func (c *Cache) Warmup() {
+	// Attempt to warmup cache
+	newMap := NewSecretMap(c.timeouts, c.now)
+	secrets, ok := c.backend.SecretList()
+	if ok {
+		for _, backendSecret := range secrets {
+			newMap.Put(backendSecret.Name, backendSecret)
+		}
+		c.secretMap.Overwrite(newMap)
+	} else {
+		c.Warnf("Failed to warmup cache on startup")
+	}
+}
+
 // Clear empties the internal cache. This function does not honor the
 // delayed deletion contract. The function is called when the user deletes
 // .clear_cache.
@@ -277,24 +293,3 @@ func (c *Cache) backendSecretList() chan []Secret {
 	}()
 	return secretsc
 }
-
-// Ping backend on startup
-// TODO: convert this to a regular ping
-func (c *Cache) pingBackend() bool {
-	secrets, ok := c.backend.SecretList()
-	if !ok {
-		return false
-	}
-
-	// Create a copy of the current map and mark all the elements as deleted.
-	newMap := NewSecretMap(c.timeouts, c.now)
-	newMap.Overwrite(c.secretMap)
-	newMap.DeleteAll()
-	for _, backendSecret := range secrets {
-		newMap.Put(backendSecret.Name, backendSecret)
-	}
-	// TODO: this code isn't concurrency safe! We could write it so that in the worst case a secret gets marked as deleted instead of
-	// getting dropped on the floor.
-	c.secretMap.Overwrite(newMap)
-	return true
-}
diff --git a/main.go b/main.go
index 8ddab76..35823e0 100644
--- a/main.go
+++ b/main.go
@@ -39,7 +39,6 @@ var (
 	caFile        = app.Flag("ca", "PEM-encoded CA certificates file").PlaceHolder("FILE").Required().String()
 	asuser        = app.Flag("asuser", "Default user to own files").Default("keywhiz").String()
 	asgroup       = app.Flag("group", "Default group to own files").Default("keywhiz").String()
-	ping          = app.Flag("ping", "Enable startup ping to server").Default("false").Bool()
 	debug         = app.Flag("debug", "Enable debugging output").Default("false").Bool()
 	timeout       = app.Flag("timeout", "Timeout for communication with server").Default("20s").Duration()
 	metricsURL    = app.Flag("metrics-url", "Collect metrics and POST them periodically to the given URL (via HTTP/JSON).").PlaceHolder("URL").String()
@@ -111,16 +110,7 @@ func main() {
 		}
 	}()
 
-	// Prime cache: we retrieve the initial secrets list right away, so that
-	// we can make sure we're ready to show contents as soon as we get mounted.
-	if *ping {
-		ok := kwfs.Cache.pingBackend()
-		if !ok {
-			fmt.Fprintf(os.Stderr, "unable to talk to backend")
-			os.Exit(1)
-		}
-	}
-
+	kwfs.Cache.Warmup()
 	server.Serve()
 	logger.Infof("Exiting")
 }