diff --git a/proxy/src/auth/backend/mod.rs b/proxy/src/auth/backend/mod.rs
index 71fd90f6a2..b6ddba05ef 100644
--- a/proxy/src/auth/backend/mod.rs
+++ b/proxy/src/auth/backend/mod.rs
@@ -386,8 +386,8 @@ impl ControlPlaneBackend {
 }
 
 pub struct ControlPlaneComputeBackend<'a> {
-    pub(crate) api: &'a ControlPlaneBackend,
-    pub(crate) creds: ComputeCredentials,
+    api: &'a ControlPlaneBackend,
+    creds: ComputeCredentials,
 }
 
 #[async_trait::async_trait]
diff --git a/proxy/src/proxy/tests/mod.rs b/proxy/src/proxy/tests/mod.rs
index 2e2caf0416..01bda948da 100644
--- a/proxy/src/proxy/tests/mod.rs
+++ b/proxy/src/proxy/tests/mod.rs
@@ -558,16 +558,14 @@ fn helper_create_connect_info(
         mechanism.clone(),
     ))));
 
-    let creds = ComputeCredentials {
+    api.attach_to_credentials(ComputeCredentials {
         info: ComputeUserInfo {
             endpoint: "endpoint".into(),
             user: "user".into(),
             options: NeonOptions::parse_options_raw(""),
         },
         keys: ComputeCredentialKeys::Password("password".into()),
-    };
-
-    ControlPlaneComputeBackend { api, creds }
+    })
 }
 
 #[tokio::test]
diff --git a/proxy/src/serverless/backend.rs b/proxy/src/serverless/backend.rs
index a02f666e02..69188ba9ac 100644
--- a/proxy/src/serverless/backend.rs
+++ b/proxy/src/serverless/backend.rs
@@ -8,7 +8,7 @@ use tracing::{field::display, info};
 use crate::{
     auth::{
         backend::{local::StaticAuthRules, ComputeCredentials, ComputeUserInfo},
-        check_peer_addr_is_in_list, AuthError,
+        check_peer_addr_is_in_list, AuthError, ServerlessBackend,
     },
     compute,
     config::ProxyConfig,
@@ -38,7 +38,7 @@ pub(crate) struct PoolingBackend {
     pub(crate) http_conn_pool: Arc<super::http_conn_pool::GlobalConnPool>,
     pub(crate) pool: Arc<GlobalConnPool<tokio_postgres::Client>>,
     pub(crate) config: &'static ProxyConfig,
-    pub(crate) auth_backend: crate::auth::ServerlessBackend<'static>,
+    pub(crate) auth_backend: ServerlessBackend<'static>,
     pub(crate) endpoint_rate_limiter: Arc<EndpointRateLimiter>,
 }
 
@@ -50,8 +50,8 @@ impl PoolingBackend {
         password: &[u8],
     ) -> Result<ComputeCredentials, AuthError> {
         let cplane = match &self.auth_backend {
-            crate::auth::ServerlessBackend::ControlPlane(cplane) => cplane,
-            crate::auth::ServerlessBackend::Local(_local) => {
+            ServerlessBackend::ControlPlane(cplane) => cplane,
+            ServerlessBackend::Local(_local) => {
                 return Err(AuthError::bad_auth_method(
                     "password authentication not supported by local_proxy",
                 ))
@@ -119,7 +119,7 @@ impl PoolingBackend {
         jwt: String,
     ) -> Result<(), AuthError> {
         match &self.auth_backend {
-            crate::auth::ServerlessBackend::ControlPlane(console) => {
+            ServerlessBackend::ControlPlane(console) => {
                 self.config
                     .authentication_config
                     .jwks_cache
@@ -135,7 +135,7 @@ impl PoolingBackend {
 
                 Ok(())
             }
-            crate::auth::ServerlessBackend::Local(_) => {
+            ServerlessBackend::Local(_) => {
                 self.config
                     .authentication_config
                     .jwks_cache
@@ -182,7 +182,7 @@ impl PoolingBackend {
         info!(%conn_id, "pool: opening a new connection '{conn_info}'");
 
         match &self.auth_backend {
-            crate::auth::ServerlessBackend::ControlPlane(cplane) => {
+            ServerlessBackend::ControlPlane(cplane) => {
                 crate::proxy::connect_compute::connect_to_compute(
                     ctx,
                     &TokioMechanism {
@@ -198,7 +198,7 @@ impl PoolingBackend {
                 )
                 .await
             }
-            crate::auth::ServerlessBackend::Local(local_proxy) => {
+            ServerlessBackend::Local(local_proxy) => {
                 crate::proxy::connect_compute::connect_to_compute(
                     ctx,
                     &TokioMechanism {
@@ -225,10 +225,10 @@ impl PoolingBackend {
         conn_info: ConnInfo,
     ) -> Result<http_conn_pool::Client, HttpConnError> {
         let cplane = match &self.auth_backend {
-            crate::auth::ServerlessBackend::Local(_) => {
+            ServerlessBackend::Local(_) => {
                 panic!("connect to local_proxy should not be called if we are already local_proxy")
             }
-            crate::auth::ServerlessBackend::ControlPlane(cplane) => cplane,
+            ServerlessBackend::ControlPlane(cplane) => cplane,
         };
 
         info!("pool: looking for an existing connection");
diff --git a/proxy/src/serverless/mod.rs b/proxy/src/serverless/mod.rs
index 1fcee1063c..8b25f542d8 100644
--- a/proxy/src/serverless/mod.rs
+++ b/proxy/src/serverless/mod.rs
@@ -55,7 +55,7 @@ pub(crate) const SERVERLESS_DRIVER_SNI: &str = "api";
 
 pub async fn task_main(
     config: &'static ProxyConfig,
-    auth_backend: crate::auth::ServerlessBackend<'static>,
+    auth_backend: ServerlessBackend<'static>,
     ws_listener: TcpListener,
     cancellation_token: CancellationToken,
     cancellation_handler: Arc<CancellationHandlerMain>,