diff --git a/examples/test-device/src/main.rs b/examples/test-device/src/main.rs
index 82a4741..6d505b4 100644
--- a/examples/test-device/src/main.rs
+++ b/examples/test-device/src/main.rs
@@ -6,6 +6,7 @@ use tokio;
 #[tokio::main]
 async fn main() {
     let app_secret = yup_oauth2::read_application_secret(path::Path::new("clientsecret.json"))
+        .await
         .expect("clientsecret");
     let auth = DeviceFlowAuthenticator::builder(app_secret)
         .persist_tokens_to_disk("tokenstorage.json")
diff --git a/examples/test-installed/src/main.rs b/examples/test-installed/src/main.rs
index 3febb75..c59f9c9 100644
--- a/examples/test-installed/src/main.rs
+++ b/examples/test-installed/src/main.rs
@@ -5,6 +5,7 @@ use std::path::Path;
 #[tokio::main]
 async fn main() {
     let app_secret = yup_oauth2::read_application_secret(Path::new("clientsecret.json"))
+        .await
         .expect("clientsecret.json");
 
     let auth =
diff --git a/examples/test-svc-acct/src/main.rs b/examples/test-svc-acct/src/main.rs
index bf8f564..ee79ece 100644
--- a/examples/test-svc-acct/src/main.rs
+++ b/examples/test-svc-acct/src/main.rs
@@ -3,7 +3,9 @@ use yup_oauth2::ServiceAccountAuthenticator;
 
 #[tokio::main]
 async fn main() {
-    let creds = yup_oauth2::read_service_account_key("serviceaccount.json").unwrap();
+    let creds = yup_oauth2::read_service_account_key("serviceaccount.json")
+        .await
+        .unwrap();
     let sa = ServiceAccountAuthenticator::builder(creds)
         .build()
         .await
diff --git a/src/authenticator.rs b/src/authenticator.rs
index e412862..5546739 100644
--- a/src/authenticator.rs
+++ b/src/authenticator.rs
@@ -88,7 +88,7 @@ pub struct AuthenticatorBuilder<C, F> {
 /// # async fn foo() {
 /// # use yup_oauth2::InstalledFlowReturnMethod;
 /// # let custom_flow_delegate = yup_oauth2::authenticator_delegate::DefaultFlowDelegate;
-/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").unwrap();
+/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").await.unwrap();
 ///     let authenticator = yup_oauth2::InstalledFlowAuthenticator::builder(
 ///         app_secret,
 ///         InstalledFlowReturnMethod::HTTPRedirect,
@@ -114,7 +114,7 @@ impl InstalledFlowAuthenticator {
 /// Create an authenticator that uses the device flow.
 /// ```
 /// # async fn foo() {
-/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").unwrap();
+/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").await.unwrap();
 ///     let authenticator = yup_oauth2::DeviceFlowAuthenticator::builder(app_secret)
 ///         .build()
 ///         .await
@@ -134,7 +134,7 @@ impl DeviceFlowAuthenticator {
 /// Create an authenticator that uses a service account.
 /// ```
 /// # async fn foo() {
-/// # let service_account_key = yup_oauth2::read_service_account_key("/tmp/foo").unwrap();
+/// # let service_account_key = yup_oauth2::read_service_account_key("/tmp/foo").await.unwrap();
 ///     let authenticator = yup_oauth2::ServiceAccountAuthenticator::builder(service_account_key)
 ///         .build()
 ///         .await
@@ -159,7 +159,7 @@ impl ServiceAccountAuthenticator {
 /// # async fn foo() {
 /// # let custom_hyper_client = hyper::Client::new();
 /// # let custom_auth_delegate = yup_oauth2::authenticator_delegate::DefaultAuthenticatorDelegate;
-/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").unwrap();
+/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").await.unwrap();
 ///     let authenticator = yup_oauth2::DeviceFlowAuthenticator::builder(app_secret)
 ///         .hyper_client(custom_hyper_client)
 ///         .persist_tokens_to_disk("/tmp/tokenfile.json")
@@ -241,7 +241,7 @@ impl<C, F> AuthenticatorBuilder<C, F> {
 /// ```
 /// # async fn foo() {
 /// # let custom_flow_delegate = yup_oauth2::authenticator_delegate::DefaultFlowDelegate;
-/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").unwrap();
+/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").await.unwrap();
 ///     let authenticator = yup_oauth2::DeviceFlowAuthenticator::builder(app_secret)
 ///         .device_code_url("foo")
 ///         .flow_delegate(Box::new(custom_flow_delegate))
@@ -317,7 +317,7 @@ impl<C> AuthenticatorBuilder<C, DeviceFlow> {
 /// # async fn foo() {
 /// # use yup_oauth2::InstalledFlowReturnMethod;
 /// # let custom_flow_delegate = yup_oauth2::authenticator_delegate::DefaultFlowDelegate;
-/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").unwrap();
+/// # let app_secret = yup_oauth2::read_application_secret("/tmp/foo").await.unwrap();
 ///     let authenticator = yup_oauth2::InstalledFlowAuthenticator::builder(
 ///         app_secret,
 ///         InstalledFlowReturnMethod::HTTPRedirect,
@@ -358,7 +358,7 @@ impl<C> AuthenticatorBuilder<C, InstalledFlow> {
 /// ## Methods available when building a service account authenticator.
 /// ```
 /// # async fn foo() {
-/// # let service_account_key = yup_oauth2::read_service_account_key("/tmp/foo").unwrap();
+/// # let service_account_key = yup_oauth2::read_service_account_key("/tmp/foo").await.unwrap();
 ///     let authenticator = yup_oauth2::ServiceAccountAuthenticator::builder(
 ///         service_account_key,
 ///     )
diff --git a/src/helper.rs b/src/helper.rs
index a8f0061..81200f6 100644
--- a/src/helper.rs
+++ b/src/helper.rs
@@ -11,18 +11,19 @@ use std::io;
 use std::path::Path;
 
 /// Read an application secret from a file.
-pub fn read_application_secret<P: AsRef<Path>>(path: P) -> io::Result<ApplicationSecret> {
-    parse_application_secret(std::fs::read_to_string(path)?)
+pub async fn read_application_secret<P: AsRef<Path>>(path: P) -> io::Result<ApplicationSecret> {
+    parse_application_secret(tokio::fs::read(path).await?)
 }
 
 /// Read an application secret from a JSON string.
-pub fn parse_application_secret<S: AsRef<str>>(secret: S) -> io::Result<ApplicationSecret> {
-    let decoded: ConsoleApplicationSecret = serde_json::from_str(secret.as_ref()).map_err(|e| {
-        io::Error::new(
-            io::ErrorKind::InvalidData,
-            format!("Bad application secret: {}", e),
-        )
-    })?;
+pub fn parse_application_secret<S: AsRef<[u8]>>(secret: S) -> io::Result<ApplicationSecret> {
+    let decoded: ConsoleApplicationSecret =
+        serde_json::from_slice(secret.as_ref()).map_err(|e| {
+            io::Error::new(
+                io::ErrorKind::InvalidData,
+                format!("Bad application secret: {}", e),
+            )
+        })?;
 
     if let Some(web) = decoded.web {
         Ok(web)
@@ -38,9 +39,9 @@ pub fn parse_application_secret<S: AsRef<str>>(secret: S) -> io::Result<Applicat
 
 /// Read a service account key from a JSON file. You can download the JSON keys from the Google
 /// Cloud Console or the respective console of your service provider.
-pub fn read_service_account_key<P: AsRef<Path>>(path: P) -> io::Result<ServiceAccountKey> {
-    let key = std::fs::read_to_string(path)?;
-    serde_json::from_str(&key).map_err(|e| {
+pub async fn read_service_account_key<P: AsRef<Path>>(path: P) -> io::Result<ServiceAccountKey> {
+    let key = tokio::fs::read(path).await?;
+    serde_json::from_slice(&key).map_err(|e| {
         io::Error::new(
             io::ErrorKind::InvalidData,
             format!("Bad service account key: {}", e),
diff --git a/src/lib.rs b/src/lib.rs
index 81520f9..aa7c0fb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -45,6 +45,7 @@
 //!     // Read application secret from a file. Sometimes it's easier to compile it directly into
 //!     // the binary. The clientsecret file contains JSON like `{"installed":{"client_id": ... }}`
 //!     let secret = yup_oauth2::read_application_secret("clientsecret.json")
+//!         .await
 //!         .expect("clientsecret.json");
 //!
 //!     // Create an authenticator that uses an InstalledFlow to authenticate. The
diff --git a/src/service_account.rs b/src/service_account.rs
index 36bb994..d584b26 100644
--- a/src/service_account.rs
+++ b/src/service_account.rs
@@ -330,7 +330,9 @@ mod tests {
     //#[tokio::test]
     #[allow(dead_code)]
     async fn test_service_account_e2e() {
-        let key = read_service_account_key(&TEST_PRIVATE_KEY_PATH.to_string()).unwrap();
+        let key = read_service_account_key(TEST_PRIVATE_KEY_PATH)
+            .await
+            .unwrap();
         let acc = ServiceAccountFlow::new(ServiceAccountFlowOpts { key, subject: None }).unwrap();
         let https = HttpsConnector::new();
         let client = hyper::Client::builder()
@@ -343,9 +345,11 @@ mod tests {
         );
     }
 
-    #[test]
-    fn test_jwt_initialize_claims() {
-        let key = read_service_account_key(TEST_PRIVATE_KEY_PATH).unwrap();
+    #[tokio::test]
+    async fn test_jwt_initialize_claims() {
+        let key = read_service_account_key(TEST_PRIVATE_KEY_PATH)
+            .await
+            .unwrap();
         let scopes = vec!["scope1", "scope2", "scope3"];
         let claims = Claims::new(&key, &scopes, None);
 
@@ -363,9 +367,11 @@ mod tests {
         assert_eq!(claims.exp - claims.iat, 3595);
     }
 
-    #[test]
-    fn test_jwt_sign() {
-        let key = read_service_account_key(TEST_PRIVATE_KEY_PATH).unwrap();
+    #[tokio::test]
+    async fn test_jwt_sign() {
+        let key = read_service_account_key(TEST_PRIVATE_KEY_PATH)
+            .await
+            .unwrap();
         let scopes = vec!["scope1", "scope2", "scope3"];
         let signer = JWTSigner::new(&key.private_key).unwrap();
         let claims = Claims::new(&key, &scopes, None);