diff --git a/po/POTFILES.in b/po/POTFILES.in
index faf173584e..e266871907 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -190,7 +190,6 @@
 @SRCDIR@/src/rpc/virnetsshsession.c
 @SRCDIR@/src/rpc/virnettlscontext.c
 @SRCDIR@/src/secret/secret_driver.c
-@SRCDIR@/src/secret/secret_util.c
 @SRCDIR@/src/security/security_apparmor.c
 @SRCDIR@/src/security/security_dac.c
 @SRCDIR@/src/security/security_driver.c
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 89ce6b4278..b63feb4054 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1448,10 +1448,6 @@ virLogManagerFree;
 virLogManagerNew;
 
 
-# secret/secret_util.h
-virSecretGetSecretString;
-
-
 # security/security_driver.h
 virSecurityDriverLookup;
 
@@ -3001,6 +2997,7 @@ virSecurityLabelDefNew;
 
 
 # util/virsecret.h
+virSecretGetSecretString;
 virSecretLookupDefClear;
 virSecretLookupDefCopy;
 virSecretLookupFormatSecret;
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 2488bb9d32..e41e84e3e2 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -41,7 +41,7 @@
 #include "libxl_conf.h"
 #include "libxl_utils.h"
 #include "virstoragefile.h"
-#include "secret_util.h"
+#include "virsecret.h"
 #include "cpu/cpu.h"
 #include "xen_common.h"
 #include "xen_xl.h"
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index b1ac7c5aa2..ce0c5b78cd 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -56,7 +56,7 @@
 #include "vircrypto.h"
 #include "virrandom.h"
 #include "virsystemd.h"
-#include "secret_util.h"
+#include "virsecret.h"
 #include "logging/log_manager.h"
 #include "locking/domain_lock.h"
 #include "virdomainsnapshotobjlist.h"
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 420d1c9c93..1cac0dc886 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -83,7 +83,7 @@
 #include "virnuma.h"
 #include "virstring.h"
 #include "virhostdev.h"
-#include "secret_util.h"
+#include "virsecret.h"
 #include "configmake.h"
 #include "nwfilter_conf.h"
 #include "netdev_bandwidth_conf.h"
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 28800a100c..262e6c4f07 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -42,7 +42,7 @@
 #include "configmake.h"
 #include "qemu_tpm.h"
 #include "virtpm.h"
-#include "secret_util.h"
+#include "virsecret.h"
 
 #define VIR_FROM_THIS VIR_FROM_NONE
 
diff --git a/src/secret/Makefile.inc.am b/src/secret/Makefile.inc.am
index d332060e38..4f0956a7a4 100644
--- a/src/secret/Makefile.inc.am
+++ b/src/secret/Makefile.inc.am
@@ -5,11 +5,6 @@ SECRET_DRIVER_SOURCES = \
 	secret/secret_driver.c \
 	$(NULL)
 
-SECRET_UTIL_SOURCES = \
-	secret/secret_util.h \
-	secret/secret_util.c \
-	$(NULL)
-
 
 DRIVER_SOURCE_FILES += $(addprefix $(srcdir)/,$(SECRET_DRIVER_SOURCES))
 STATEFUL_DRIVER_SOURCE_FILES += \
@@ -17,14 +12,8 @@ STATEFUL_DRIVER_SOURCE_FILES += \
 
 EXTRA_DIST += \
 	$(SECRET_DRIVER_SOURCES) \
-	$(SECRET_UTIL_SOURCES) \
 	$(NULL)
 
-noinst_LTLIBRARIES += libvirt_secret.la
-libvirt_la_BUILT_LIBADD += libvirt_secret.la
-libvirt_secret_la_CFLAGS = $(AM_CFLAGS)
-libvirt_secret_la_LDFLAGS = $(AM_LDFLAGS)
-libvirt_secret_la_SOURCES = $(SECRET_UTIL_SOURCES)
 
 if WITH_SECRETS
 mod_LTLIBRARIES += libvirt_driver_secret.la
diff --git a/src/secret/secret_util.c b/src/secret/secret_util.c
deleted file mode 100644
index 27e164a425..0000000000
--- a/src/secret/secret_util.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * secret_util.c: secret related utility functions
- *
- * Copyright (C) 2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- */
-
-#include <config.h>
-
-#include "secret_util.h"
-#include "viralloc.h"
-#include "virerror.h"
-#include "virlog.h"
-#include "virobject.h"
-#include "viruuid.h"
-#include "datatypes.h"
-
-#define VIR_FROM_THIS VIR_FROM_SECRET
-
-VIR_LOG_INIT("secret.secret_util");
-
-
-/* virSecretGetSecretString:
- * @conn: Pointer to the connection driver to make secret driver call
- * @seclookupdef: Secret lookup def
- * @secretUsageType: Type of secret usage for usage lookup
- * @secret: returned secret as a sized stream of unsigned chars
- * @secret_size: Return size of the secret - either raw text or base64
- *
- * Lookup the secret for the usage type and return it as raw text.
- * It is up to the caller to encode the secret further.
- *
- * Returns 0 on success, -1 on failure.  On success the memory in secret
- * needs to be cleared and free'd after usage.
- */
-int
-virSecretGetSecretString(virConnectPtr conn,
-                         virSecretLookupTypeDefPtr seclookupdef,
-                         virSecretUsageType secretUsageType,
-                         uint8_t **secret,
-                         size_t *secret_size)
-{
-    virSecretPtr sec = NULL;
-    int ret = -1;
-
-    switch (seclookupdef->type) {
-    case VIR_SECRET_LOOKUP_TYPE_UUID:
-        sec = conn->secretDriver->secretLookupByUUID(conn, seclookupdef->u.uuid);
-        break;
-
-    case VIR_SECRET_LOOKUP_TYPE_USAGE:
-        sec = conn->secretDriver->secretLookupByUsage(conn, secretUsageType,
-                                                      seclookupdef->u.usage);
-        break;
-    }
-
-    if (!sec)
-        goto cleanup;
-
-    /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking
-     * for UUID lookups. Normal secret XML processing would fail if
-     * the usage type was NONE and since we have no way to set the
-     * expected usage in that environment, let's just accept NONE */
-    if (sec->usageType != VIR_SECRET_USAGE_TYPE_NONE &&
-        sec->usageType != secretUsageType) {
-        char uuidstr[VIR_UUID_STRING_BUFLEN];
-
-        virUUIDFormat(seclookupdef->u.uuid, uuidstr);
-        virReportError(VIR_ERR_INVALID_ARG,
-                       _("secret with uuid %s is of type '%s' not "
-                         "expected '%s' type"),
-                       uuidstr, virSecretUsageTypeToString(sec->usageType),
-                       virSecretUsageTypeToString(secretUsageType));
-        goto cleanup;
-    }
-
-    *secret = conn->secretDriver->secretGetValue(sec, secret_size, 0,
-                                                 VIR_SECRET_GET_VALUE_INTERNAL_CALL);
-
-    if (!*secret)
-        goto cleanup;
-
-    ret = 0;
-
- cleanup:
-    virObjectUnref(sec);
-    return ret;
-}
diff --git a/src/secret/secret_util.h b/src/secret/secret_util.h
deleted file mode 100644
index ff23df63b7..0000000000
--- a/src/secret/secret_util.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * secret_util.h: secret related utility functions
- *
- * Copyright (C) 2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- */
-
-#pragma once
-
-#include "internal.h"
-#include "virsecret.h"
-
-int virSecretGetSecretString(virConnectPtr conn,
-                             virSecretLookupTypeDefPtr seclookupdef,
-                             virSecretUsageType secretUsageType,
-                             uint8_t **ret_secret,
-                             size_t *ret_secret_size)
-    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4)
-    ATTRIBUTE_NONNULL(5) G_GNUC_WARN_UNUSED_RESULT;
diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_backend_iscsi.c
index ee39cbf88d..c02fbb5eaa 100644
--- a/src/storage/storage_backend_iscsi.c
+++ b/src/storage/storage_backend_iscsi.c
@@ -39,7 +39,7 @@
 #include "virobject.h"
 #include "virstring.h"
 #include "viruuid.h"
-#include "secret_util.h"
+#include "virsecret.h"
 #include "storage_util.h"
 
 #define VIR_FROM_THIS VIR_FROM_STORAGE
diff --git a/src/storage/storage_backend_iscsi_direct.c b/src/storage/storage_backend_iscsi_direct.c
index 3a5e2bb9f0..c37c671db6 100644
--- a/src/storage/storage_backend_iscsi_direct.c
+++ b/src/storage/storage_backend_iscsi_direct.c
@@ -24,7 +24,7 @@
 #include <iscsi/scsi-lowlevel.h>
 
 #include "datatypes.h"
-#include "secret_util.h"
+#include "virsecret.h"
 #include "storage_backend_iscsi_direct.h"
 #include "storage_util.h"
 #include "viralloc.h"
diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
index 88e7a4b236..f0b7653736 100644
--- a/src/storage/storage_backend_rbd.c
+++ b/src/storage/storage_backend_rbd.c
@@ -33,7 +33,7 @@
 #include "virrandom.h"
 #include "rados/librados.h"
 #include "rbd/librbd.h"
-#include "secret_util.h"
+#include "virsecret.h"
 #include "storage_util.h"
 
 #define VIR_FROM_THIS VIR_FROM_STORAGE
diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c
index ebc262278d..987d937b04 100644
--- a/src/storage/storage_util.c
+++ b/src/storage/storage_util.c
@@ -62,7 +62,7 @@
 #include "viralloc.h"
 #include "internal.h"
 #include "secret_conf.h"
-#include "secret_util.h"
+#include "virsecret.h"
 #include "vircrypto.h"
 #include "viruuid.h"
 #include "virstoragefile.h"
diff --git a/src/util/virsecret.c b/src/util/virsecret.c
index 174ce544c0..f44d964198 100644
--- a/src/util/virsecret.c
+++ b/src/util/virsecret.c
@@ -21,6 +21,7 @@
 
 #include <config.h>
 
+#include "datatypes.h"
 #include "viralloc.h"
 #include "virerror.h"
 #include "virlog.h"
@@ -125,3 +126,71 @@ virSecretLookupFormatSecret(virBufferPtr buf,
         virBufferAddLit(buf, "/>\n");
     }
 }
+
+
+/* virSecretGetSecretString:
+ * @conn: Pointer to the connection driver to make secret driver call
+ * @seclookupdef: Secret lookup def
+ * @secretUsageType: Type of secret usage for usage lookup
+ * @secret: returned secret as a sized stream of unsigned chars
+ * @secret_size: Return size of the secret - either raw text or base64
+ *
+ * Lookup the secret for the usage type and return it as raw text.
+ * It is up to the caller to encode the secret further.
+ *
+ * Returns 0 on success, -1 on failure.  On success the memory in secret
+ * needs to be cleared and free'd after usage.
+ */
+int
+virSecretGetSecretString(virConnectPtr conn,
+                         virSecretLookupTypeDefPtr seclookupdef,
+                         virSecretUsageType secretUsageType,
+                         uint8_t **secret,
+                         size_t *secret_size)
+{
+    virSecretPtr sec = NULL;
+    int ret = -1;
+
+    switch (seclookupdef->type) {
+    case VIR_SECRET_LOOKUP_TYPE_UUID:
+        sec = conn->secretDriver->secretLookupByUUID(conn, seclookupdef->u.uuid);
+        break;
+
+    case VIR_SECRET_LOOKUP_TYPE_USAGE:
+        sec = conn->secretDriver->secretLookupByUsage(conn, secretUsageType,
+                                                      seclookupdef->u.usage);
+        break;
+    }
+
+    if (!sec)
+        goto cleanup;
+
+    /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking
+     * for UUID lookups. Normal secret XML processing would fail if
+     * the usage type was NONE and since we have no way to set the
+     * expected usage in that environment, let's just accept NONE */
+    if (sec->usageType != VIR_SECRET_USAGE_TYPE_NONE &&
+        sec->usageType != secretUsageType) {
+        char uuidstr[VIR_UUID_STRING_BUFLEN];
+
+        virUUIDFormat(seclookupdef->u.uuid, uuidstr);
+        virReportError(VIR_ERR_INVALID_ARG,
+                       _("secret with uuid %s is of type '%s' not "
+                         "expected '%s' type"),
+                       uuidstr, virSecretUsageTypeToString(sec->usageType),
+                       virSecretUsageTypeToString(secretUsageType));
+        goto cleanup;
+    }
+
+    *secret = conn->secretDriver->secretGetValue(sec, secret_size, 0,
+                                                 VIR_SECRET_GET_VALUE_INTERNAL_CALL);
+
+    if (!*secret)
+        goto cleanup;
+
+    ret = 0;
+
+ cleanup:
+    virObjectUnref(sec);
+    return ret;
+}
diff --git a/src/util/virsecret.h b/src/util/virsecret.h
index 8bc8a24e0f..bf056cb3b2 100644
--- a/src/util/virsecret.h
+++ b/src/util/virsecret.h
@@ -56,3 +56,11 @@ int virSecretLookupParseSecret(xmlNodePtr secretnode,
 void virSecretLookupFormatSecret(virBufferPtr buf,
                                  const char *secrettype,
                                  virSecretLookupTypeDefPtr def);
+
+int virSecretGetSecretString(virConnectPtr conn,
+                             virSecretLookupTypeDefPtr seclookupdef,
+                             virSecretUsageType secretUsageType,
+                             uint8_t **ret_secret,
+                             size_t *ret_secret_size)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4)
+    ATTRIBUTE_NONNULL(5) G_GNUC_WARN_UNUSED_RESULT;