diff --git a/src/CrossSigningManager.js b/src/CrossSigningManager.js
index a584a69d35..fe07a821c6 100644
--- a/src/CrossSigningManager.js
+++ b/src/CrossSigningManager.js
@@ -132,24 +132,14 @@ const onSecretRequested = async function({
     if (name.startsWith("m.cross_signing")) {
         const callbacks = client.getCrossSigningCacheCallbacks();
         if (!callbacks.getCrossSigningKeyCache) return;
-        /* Explicit enumeration here is deliberate – never share the master key! */
-        if (name === "m.cross_signing.self_signing") {
-            const key = await callbacks.getCrossSigningKeyCache("self_signing");
-            if (!key) {
-                console.log(
-                    `self_signing requested by ${deviceId}, but not found in cache`,
-                );
-            }
-            return key && encodeBase64(key);
-        } else if (name === "m.cross_signing.user_signing") {
-            const key = await callbacks.getCrossSigningKeyCache("user_signing");
-            if (!key) {
-                console.log(
-                    `user_signing requested by ${deviceId}, but not found in cache`,
-                );
-            }
-            return key && encodeBase64(key);
+        const keyId = name.replace("m.cross_signing.", "");
+        const key = await callbacks.getCrossSigningKeyCache(keyId);
+        if (!key) {
+            console.log(
+                `${keyId} requested by ${deviceId}, but not found in cache`,
+            );
         }
+        return key && encodeBase64(key);
     } else if (name === "m.megolm_backup.v1") {
         const key = await client._crypto.getSessionBackupPrivateKey();
         if (!key) {