diff --git a/.eslintrc.js b/.eslintrc.js
index a3c7eb4f8d..a1fe472db2 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -92,6 +92,8 @@ module.exports = {
                             "!matrix-js-sdk/src/crypto-api",
                             "!matrix-js-sdk/src/types",
                             "!matrix-js-sdk/src/testing",
+                            "!matrix-js-sdk/src/utils/**",
+                            "matrix-js-sdk/src/utils/internal/**",
                             "matrix-js-sdk/lib",
                             "matrix-js-sdk/lib/",
                             "matrix-js-sdk/lib/**",
@@ -119,7 +121,6 @@ module.exports = {
                             "!matrix-js-sdk/src/extensible_events_v1/PollEndEvent",
                             "!matrix-js-sdk/src/extensible_events_v1/InvalidEventError",
                             "!matrix-js-sdk/src/crypto",
-                            "!matrix-js-sdk/src/crypto/aes",
                             "!matrix-js-sdk/src/crypto/keybackup",
                             "!matrix-js-sdk/src/crypto/deviceinfo",
                             "!matrix-js-sdk/src/crypto/dehydration",
diff --git a/src/Lifecycle.ts b/src/Lifecycle.ts
index e83b8df20d..a8ddaf0a1d 100644
--- a/src/Lifecycle.ts
+++ b/src/Lifecycle.ts
@@ -11,7 +11,7 @@ Please see LICENSE files in the repository root for full details.
 
 import { ReactNode } from "react";
 import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix";
-import { IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
+import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
 import { QueryDict } from "matrix-js-sdk/src/utils";
 import { logger } from "matrix-js-sdk/src/logger";
 
@@ -472,9 +472,9 @@ export interface IStoredSession {
     hsUrl: string;
     isUrl: string;
     hasAccessToken: boolean;
-    accessToken: string | IEncryptedPayload;
+    accessToken: string | AESEncryptedSecretStoragePayload;
     hasRefreshToken: boolean;
-    refreshToken?: string | IEncryptedPayload;
+    refreshToken?: string | AESEncryptedSecretStoragePayload;
     userId: string;
     deviceId: string;
     isGuest: boolean;
diff --git a/src/utils/tokens/tokens.ts b/src/utils/tokens/tokens.ts
index febd7f23ff..2bf67924f9 100644
--- a/src/utils/tokens/tokens.ts
+++ b/src/utils/tokens/tokens.ts
@@ -6,8 +6,10 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
 Please see LICENSE files in the repository root for full details.
 */
 
-import { decryptAES, encryptAES, IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
 import { logger } from "matrix-js-sdk/src/logger";
+import decryptAESSecretStorageItem from "matrix-js-sdk/src/utils/decryptAESSecretStorageItem";
+import encryptAESSecretStorageItem from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
+import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
 
 import * as StorageAccess from "../StorageAccess";
 
@@ -78,7 +80,7 @@ async function pickleKeyToAesKey(pickleKey: string): Promise<Uint8Array> {
  */
 export async function tryDecryptToken(
     pickleKey: string | undefined,
-    token: IEncryptedPayload | string,
+    token: AESEncryptedSecretStoragePayload | string,
     tokenName: string,
 ): Promise<string> {
     if (typeof token === "string") {
@@ -92,7 +94,7 @@ export async function tryDecryptToken(
     }
 
     const encrKey = await pickleKeyToAesKey(pickleKey);
-    const decryptedToken = await decryptAES(token, encrKey, tokenName);
+    const decryptedToken = await decryptAESSecretStorageItem(token, encrKey, tokenName);
     encrKey.fill(0);
     return decryptedToken;
 }
@@ -130,12 +132,12 @@ export async function persistTokenInStorage(
     }
 
     if (pickleKey) {
-        let encryptedToken: IEncryptedPayload | undefined;
+        let encryptedToken: AESEncryptedSecretStoragePayload | undefined;
         if (token) {
             try {
                 // try to encrypt the access token using the pickle key
                 const encrKey = await pickleKeyToAesKey(pickleKey);
-                encryptedToken = await encryptAES(token, encrKey, tokenName);
+                encryptedToken = await encryptAESSecretStorageItem(token, encrKey, tokenName);
                 encrKey.fill(0);
             } catch (e) {
                 // This is likely due to the browser not having WebCrypto or somesuch.
diff --git a/test/Lifecycle-test.ts b/test/Lifecycle-test.ts
index 04c7408b68..890c6bf1ac 100644
--- a/test/Lifecycle-test.ts
+++ b/test/Lifecycle-test.ts
@@ -10,7 +10,7 @@ import { Crypto } from "@peculiar/webcrypto";
 import { logger } from "matrix-js-sdk/src/logger";
 import * as MatrixJs from "matrix-js-sdk/src/matrix";
 import { decodeBase64, encodeUnpaddedBase64 } from "matrix-js-sdk/src/matrix";
-import * as MatrixCryptoAes from "matrix-js-sdk/src/crypto/aes";
+import * as encryptAESSecretStorageItemModule from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
 import { mocked, MockedObject } from "jest-mock";
 import fetchMock from "fetch-mock-jest";
 
@@ -74,7 +74,7 @@ describe("Lifecycle", () => {
         delete window.crypto;
         window.crypto = webCrypto;
 
-        jest.spyOn(MatrixCryptoAes, "encryptAES").mockRestore();
+        jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRestore();
     });
 
     afterAll(() => {
@@ -675,7 +675,7 @@ describe("Lifecycle", () => {
             });
 
             it("should persist token when encrypting the token fails", async () => {
-                jest.spyOn(MatrixCryptoAes, "encryptAES").mockRejectedValue("MOCK REJECT ENCRYPTAES");
+                jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRejectedValue("MOCK REJECT ENCRYPTAES");
                 await setLoggedIn(credentials);
 
                 // persist the unencrypted token