diff --git a/apis/settings_test.go b/apis/settings_test.go
index 3c20a750..87d3e116 100644
--- a/apis/settings_test.go
+++ b/apis/settings_test.go
@@ -97,8 +97,9 @@ func TestSettingsSet(t *testing.T) {
 
 	validData := `{
 		"meta":{"appName":"update_test"},
-		"s3":{"secret": "s3_secret"},
-		"backups":{"s3":{"secret":"backups_s3_secret"}}
+		"smtp":{"password": "new_smtp_password"},
+		"s3":{"secret": "new_s3_secret"},
+		"backups":{"s3":{"secret":"new_backups_s3_secret"}}
 	}`
 
 	scenarios := []tests.ApiScenario{
@@ -179,6 +180,25 @@ func TestSettingsSet(t *testing.T) {
 			Headers: map[string]string{
 				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
 			},
+			AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
+				settings := app.Settings()
+
+				// verify that the secret values are persisted
+				secrets := map[string]struct {
+					current  string
+					expected string
+				}{
+					"smtp.password":     {settings.SMTP.Password, "new_smtp_password"},
+					"s3.secret":         {settings.S3.Secret, "new_s3_secret"},
+					"backups.s3.secret": {settings.Backups.S3.Secret, "new_backups_s3_secret"},
+				}
+
+				for name, secret := range secrets {
+					if secret.current != secret.expected {
+						t.Errorf("[%s] expected secret %q, got %q", name, secret.expected, secret.current)
+					}
+				}
+			},
 			ExpectedStatus: 200,
 			ExpectedContent: []string{
 				`"meta":{`,