Scan-based side-channel attack has become a severe threat to the security of the cipher key in cryptographic chips. Among existing countermeasures, the methods based on lock and key scheme are more effective and popular. For these methods, how to secure the test key and how to overcome the vulnerability of sharing a hardcoded key become new concerns to be solved. In this paper, we propose to adopt the physical unclonable function (PUF) design to generate a unique test key for each chip. The uniqueness of PUF enables each chip taped out from one mask to hold a different test key. The PUF response is solidified into design upon its generation to overcome the imperfect reliability. Only the chip designer can retrieve PUF response from an obfuscated response under a validation test vector. The overall secure design is implemented by fully reusing the scan design to minimize the overhead. The proposed secure scan design with PUF-based key can protect the crypto chips against all typical scan-based side-channel attacks while incurring negligibly low overhead.