diff --git a/config/development.toml b/config/development.toml
index 29beed992f..3cdb4f3111 100644
--- a/config/development.toml
+++ b/config/development.toml
@@ -13,7 +13,7 @@ use_xray_generator = false
 bg_metrics_collection_interval_in_secs = 15
 [key_manager]
-url = "http://localhost:5000"
+enabled = false
 # TODO: Update database credentials before running application
 [master_database]
diff --git a/crates/common_utils/src/types/keymanager.rs b/crates/common_utils/src/types/keymanager.rs
index abcb7aa87f..078f1f3fcd 100644
--- a/crates/common_utils/src/types/keymanager.rs
+++ b/crates/common_utils/src/types/keymanager.rs
@@ -25,7 +25,7 @@ use crate::{
 #[derive(Debug, Clone)]
 pub struct KeyManagerState {
- pub enabled: Option,
+ pub enabled: bool,
 pub url: String,
 pub client_idle_timeout: Option,
 #[cfg(feature = "km_forward_x_request_id")]
diff --git a/crates/hyperswitch_domain_models/src/type_encryption.rs b/crates/hyperswitch_domain_models/src/type_encryption.rs
index 0ff37b0bc2..983528dee9 100644
--- a/crates/hyperswitch_domain_models/src/type_encryption.rs
+++ b/crates/hyperswitch_domain_models/src/type_encryption.rs
@@ -101,7 +101,7 @@ mod encrypt {
 fn is_encryption_service_enabled(_state: &KeyManagerState) -> bool {
 #[cfg(feature = "encryption_service")]
 {
- _state.enabled.unwrap_or_default()
+ _state.enabled
 }
 #[cfg(not(feature = "encryption_service"))]
 {
diff --git a/crates/router/src/configs/defaults.rs b/crates/router/src/configs/defaults.rs
index ead168b7d0..88011529bb 100644
--- a/crates/router/src/configs/defaults.rs
+++ b/crates/router/src/configs/defaults.rs
@@ -12495,16 +12495,3 @@ pub fn get_shipping_required_fields() -> HashMap {
 ),
 ])
 }
-
-impl Default for super::settings::KeyManagerConfig {
- fn default() -> Self {
- Self {
- enabled: None,
- url: String::from("localhost:5000"),
- #[cfg(feature = "keymanager_mtls")]
- ca: String::default().into(),
- #[cfg(feature = "keymanager_mtls")]
- cert: String::default().into(),
- }
- }
-}
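Review bot: Removing `url` together with adding `enabled = false` leaves the development profile without any example key-manager endpoint, so a developer who later flips the flag only learns that a URL is required from the startup validation error. Keeping the old value as a commented line, `# url = "http://localhost:5000"`, directly under `enabled = false` documents what has to be set. With `enabled = false` the field appears to fall back to its serde default and is not validated, so the change itself looks safe.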
diff --git a/crates/router/src/configs/secrets_transformers.rs b/crates/router/src/configs/secrets_transformers.rs
index e1b68efc44..0f25477802 100644
--- a/crates/router/src/configs/secrets_transformers.rs
+++ b/crates/router/src/configs/secrets_transformers.rs
@@ -232,14 +232,22 @@ impl SecretsHandler for settings::KeyManagerConfig {
 let keyconfig = value.get_inner();
 #[cfg(feature = "keymanager_mtls")]
- let ca = _secret_management_client
- .get_secret(keyconfig.ca.clone())
- .await?;
+ let ca = if keyconfig.enabled {
+ _secret_management_client
+ .get_secret(keyconfig.ca.clone())
+ .await?
+ } else {
+ keyconfig.ca.clone()
+ };
 #[cfg(feature = "keymanager_mtls")]
- let cert = _secret_management_client
- .get_secret(keyconfig.cert.clone())
- .await?;
+ let cert = if keyconfig.enabled {
+ _secret_management_client
+ .get_secret(keyconfig.cert.clone())
+ .await?
+ } else {
+ keyconfig.ca.clone()
+ };
 Ok(value.transition_state(|keyconfig| Self {
 #[cfg(feature = "keymanager_mtls")]
diff --git a/crates/router/src/configs/settings.rs b/crates/router/src/configs/settings.rs
index e59dd73cd3..1124423714 100644
--- a/crates/router/src/configs/settings.rs
+++ b/crates/router/src/configs/settings.rs
@@ -215,9 +215,10 @@ pub struct KvConfig {
 pub soft_kill: Option,
 }
-#[derive(Debug, Deserialize, Clone)]
+#[derive(Debug, Deserialize, Clone, Default)]
+#[serde(default)]
 pub struct KeyManagerConfig {
- pub enabled: Option,
+ pub enabled: bool,
 pub url: String,
 #[cfg(feature = "keymanager_mtls")]
 pub cert: Secret,
@@ -863,6 +864,8 @@ impl Settings {
 .map(|x| x.get_inner().validate())
 .transpose()?;
+ self.key_manager.get_inner().validate()?;
+
 Ok(())
 }
 }
diff --git a/crates/router/src/configs/validations.rs b/crates/router/src/configs/validations.rs
index bfea4eee42..f109fe3f77 100644
--- a/crates/router/src/configs/validations.rs
+++ b/crates/router/src/configs/validations.rs
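Review bot: The `else` branch of the new `cert` assignment clones `keyconfig.ca` instead of `keyconfig.cert`, so with `keymanager_mtls` on and `enabled` false the client-certificate field is silently populated with the CA value; the branch should read `keyconfig.cert.clone()`. The mirrored `ca` block just above is correct, which points to a copy-paste slip that a type check cannot catch because both fields share a type. The enclosing `convert_to_raw_secret` body starts before this hunk and the `transition_state` closure that consumes `ca` and `cert` continues past it.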
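Review bot: The `enabled` field of `KeyManagerConfig` gets no doc comment even though it now decides, elsewhere in this commit, whether `url` and the mTLS material are resolved from the secret store and whether they are validated at all; suggest `/// Whether the external key manager is used. When false, `url`, `ca` and `cert` are neither resolved from the secret manager nor validated.` above the field. The struct-level `#[serde(default)]` also means a missing or misspelled `url` key now deserializes to an empty string instead of failing at load time, and is only rejected later by the new `validate` call when `enabled` is true — worth a one-line comment next to the attribute so the relaxation is deliberate. The struct definition continues past the hunk, so any further fields it covers are not visible here.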
@@ -235,3 +235,25 @@ impl super::settings::NetworkTokenizationService {
 })
 }
 }
+
+impl super::settings::KeyManagerConfig {
+ pub fn validate(&self) -> Result<(), ApplicationError> {
+ use common_utils::fp_utils::when;
+
+ #[cfg(feature = "keymanager_mtls")]
+ when(
+ self.enabled && (self.ca.is_default_or_empty() || self.cert.is_default_or_empty()),
+ || {
+ Err(ApplicationError::InvalidConfigurationValueError(
+ "Invalid CA or Certificate for Keymanager.".into(),
+ ))
+ },
+ )?;
+
+ when(self.enabled && self.url.is_default_or_empty(), || {
+ Err(ApplicationError::InvalidConfigurationValueError(
+ "Invalid URL for Keymanager".into(),
+ ))
+ })
+ }
+}
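Review bot: The new public `validate` carries no doc comment, and its gating on `self.enabled` is the one contract a caller needs: a disabled key manager passes regardless of `url`, `ca` or `cert`. Suggest `/// Validates the key-manager settings. Every check is skipped when `enabled` is false, so a disabled key manager may leave `url` and the mTLS material empty.` above the signature. As a minor consistency point, the mTLS message ends with a period while the URL message does not; `"Invalid URL for Keymanager."` would align the two. Both checks only test for default-or-empty values, which is fine as a first gate but means an enabled configuration with a malformed URL is still accepted here.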