diff --git a/watchtower/wtdb/client_session.go b/watchtower/wtdb/client_session.go
index f7b531fe..e022bee1 100644
--- a/watchtower/wtdb/client_session.go
+++ b/watchtower/wtdb/client_session.go
@@ -4,7 +4,6 @@ import (
 	"errors"
 
 	"github.com/btcsuite/btcd/btcec"
-	"github.com/lightningnetwork/lnd/keychain"
 	"github.com/lightningnetwork/lnd/lnwire"
 	"github.com/lightningnetwork/lnd/watchtower/wtpolicy"
 )
@@ -57,14 +56,17 @@ type ClientSession struct {
 	// tower with TowerID.
 	Tower *Tower
 
-	// SessionKeyDesc is the key descriptor used to derive the client's
+	// KeyIndex is the index of key locator used to derive the client's
 	// session key so that it can authenticate with the tower to update its
-	// session.
-	SessionKeyDesc keychain.KeyLocator
+	// session. In order to rederive the private key, the key locator should
+	// use the keychain.KeyFamilyTowerSession key family.
+	KeyIndex uint32
 
 	// SessionPrivKey is the ephemeral secret key used to connect to the
 	// watchtower.
-	// TODO(conner): remove after HD keys
+	//
+	// NOTE: This value is not serialized. It is derived using the KeyIndex
+	// on startup to avoid storing private keys on disk.
 	SessionPrivKey *btcec.PrivateKey
 
 	// Policy holds the negotiated session parameters.
diff --git a/watchtower/wtmock/client_db.go b/watchtower/wtmock/client_db.go
index ad5ca79d..fc0402de 100644
--- a/watchtower/wtmock/client_db.go
+++ b/watchtower/wtmock/client_db.go
@@ -104,7 +104,7 @@ func (m *ClientDB) CreateClientSession(session *wtdb.ClientSession) error {
 
 	m.activeSessions[session.ID] = &wtdb.ClientSession{
 		TowerID:          session.TowerID,
-		SessionKeyDesc:   session.SessionKeyDesc,
+		KeyIndex:         session.KeyIndex,
 		SessionPrivKey:   session.SessionPrivKey,
 		ID:               session.ID,
 		Policy:           session.Policy,