diff --git a/api/client.go b/api/client.go
index e4da693..ce85767 100644
--- a/api/client.go
+++ b/api/client.go
@@ -37,7 +37,7 @@ type Client struct {
 	metadataKeySettings MetadataKeySettings
 
 	// Server Settings for password expiry
-	PasswordExpirySettings PasswordExpirySettings
+	passwordExpirySettings PasswordExpirySettings
 
 	// used for solving MFA challenges. You can block this to for example wait for user input.
 	// You shouden't run any unrelated API Calls while you are in this callback.
@@ -239,20 +239,20 @@ func (c *Client) setMetadataTypeSettings(ctx context.Context, settings *ServerSe
 	return nil
 }
 
-// setPasswordExpirySettings Gets and configures the Client to use the password expiry plugin
+// setPasswordExpirySettings fetches and configures the Client to use the password expiry plugin
 func (c *Client) setPasswordExpirySettings(ctx context.Context, settings *ServerSettingsResponse) error {
 	if settings.Passbolt.IsPluginEnabled("passwordExpiry") && settings.Passbolt.IsPluginEnabled("passwordExpiryPolicies") {
 		c.log("Server has password expiry plugin enabled.")
-		passwordExpirySettings, err := c.GetServerPasswordExpirySettings(ctx)
+		passwordExpirySettings, err := c.getServerPasswordExpirySettings(ctx)
 		if err != nil {
 			return fmt.Errorf("Getting Password Expiry Settings: %w", err)
 		}
 
 		c.log("passwordExpirySettings: %+v", passwordExpirySettings)
-		c.PasswordExpirySettings = *passwordExpirySettings
+		c.passwordExpirySettings = *passwordExpirySettings
 	} else {
 		c.log("Server has password expiry plugin disabled or not installed.")
-		c.PasswordExpirySettings = getDefaultPasswordExpirySettings()
+		c.passwordExpirySettings = getDefaultPasswordExpirySettings()
 	}
 
 	return nil
@@ -262,3 +262,8 @@ func (c *Client) setPasswordExpirySettings(ctx context.Context, settings *Server
 func (c *Client) GetPGPHandle() *crypto.PGPHandle {
 	return c.pgp
 }
+
+// GetPasswordExpirySettings returns the password expiry settings for the client
+func (c *Client) GetPasswordExpirySettings() PasswordExpirySettings {
+	return c.passwordExpirySettings
+}
diff --git a/api/password_expiry.go b/api/password_expiry.go
index b5c756d..a375b6e 100644
--- a/api/password_expiry.go
+++ b/api/password_expiry.go
@@ -20,8 +20,8 @@ type PasswordExpirySettings struct {
 	ModifiedBy               string    `json:"modified_by"`
 }
 
-// GetServerPasswordExpirySettings gets the servers password expiry settings
-func (c *Client) GetServerPasswordExpirySettings(ctx context.Context) (*PasswordExpirySettings, error) {
+// getServerPasswordExpirySettings gets the servers password expiry settings
+func (c *Client) getServerPasswordExpirySettings(ctx context.Context) (*PasswordExpirySettings, error) {
 	msg, err := c.DoCustomRequestV5(ctx, "GET", "/password-expiry/settings.json", nil, nil)
 	if err != nil {
 		return nil, err
diff --git a/helper/resource_create.go b/helper/resource_create.go
index 88fffbb..e8c98db 100644
--- a/helper/resource_create.go
+++ b/helper/resource_create.go
@@ -100,8 +100,9 @@ func CreateResourceV5(ctx context.Context, c *api.Client, folderParentID, name,
 	}
 	resource.Secrets = []api.Secret{{Data: encSecretData}}
 
-	if c.PasswordExpirySettings.DefaultExpiryPeriod != 0 {
-		expiry := time.Now().Add(time.Hour * 24 * time.Duration(c.PasswordExpirySettings.DefaultExpiryPeriod))
+	passwordExpirySettings := c.GetPasswordExpirySettings()
+	if passwordExpirySettings.DefaultExpiryPeriod != 0 {
+		expiry := time.Now().Add(time.Hour * 24 * time.Duration(passwordExpirySettings.DefaultExpiryPeriod))
 		resource.Expired = &api.Time{Time: expiry}
 	}
 
@@ -160,8 +161,9 @@ func CreateResourceV4(ctx context.Context, c *api.Client, folderParentID, name,
 	}
 	resource.Secrets = []api.Secret{{Data: encSecretData}}
 
-	if c.PasswordExpirySettings.DefaultExpiryPeriod != 0 {
-		expiry := time.Now().Add(time.Hour * 24 * time.Duration(c.PasswordExpirySettings.DefaultExpiryPeriod))
+	passwordExpirySettings := c.GetPasswordExpirySettings()
+	if passwordExpirySettings.DefaultExpiryPeriod != 0 {
+		expiry := time.Now().Add(time.Hour * 24 * time.Duration(passwordExpirySettings.DefaultExpiryPeriod))
 		resource.Expired = &api.Time{Time: expiry}
 	}
 
diff --git a/helper/resource_update.go b/helper/resource_update.go
index d91bb0f..3c6b82b 100644
--- a/helper/resource_update.go
+++ b/helper/resource_update.go
@@ -377,8 +377,9 @@ func UpdateResource(ctx context.Context, c *api.Client, resourceID, name, userna
 		})
 	}
 
-	if resource.Expired != nil && c.PasswordExpirySettings.AutomaticUpdate {
-		expiry := time.Now().Add(time.Hour * 24 * time.Duration(c.PasswordExpirySettings.DefaultExpiryPeriod))
+	passwordExpirySettings := c.GetPasswordExpirySettings()
+	if resource.Expired != nil && passwordExpirySettings.AutomaticUpdate {
+		expiry := time.Now().Add(time.Hour * 24 * time.Duration(passwordExpirySettings.DefaultExpiryPeriod))
 		newResource.Expired = &api.Time{expiry}
 	}