diff --git a/src/eap-peap.c b/src/eap-peap.c
index 1d99bb25..5d27829f 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -953,12 +953,10 @@ static int eap_peap_check_settings(struct l_settings *settings,
 	}
 
 	if (path) {
+		struct l_key *priv_key;
 		bool encrypted;
-		uint8_t *priv_key;
-		size_t size;
 
-		priv_key = l_pem_load_private_key(path, passphrase,
-							&encrypted, &size);
+		priv_key = l_pem_load_private_key(path, passphrase, &encrypted);
 		if (!priv_key) {
 			if (!encrypted) {
 				l_error("Error loading client private key %s",
@@ -982,8 +980,7 @@ static int eap_peap_check_settings(struct l_settings *settings,
 					passphrase_entry, NULL, path,
 					EAP_CACHE_TEMPORARY);
 		} else {
-			memset(priv_key, 0, size);
-			l_free(priv_key);
+			l_key_free(priv_key);
 
 			if (passphrase && !encrypted) {
 				l_error("%s present but client private "
diff --git a/src/eap-tls.c b/src/eap-tls.c
index 8abf3551..f326e4bc 100644
--- a/src/eap-tls.c
+++ b/src/eap-tls.c
@@ -459,12 +459,10 @@ static int eap_tls_check_settings(struct l_settings *settings,
 	}
 
 	if (path) {
+		struct l_key *priv_key;
 		bool encrypted;
-		uint8_t *priv_key;
-		size_t size;
 
-		priv_key = l_pem_load_private_key(path, passphrase,
-							&encrypted, &size);
+		priv_key = l_pem_load_private_key(path, passphrase, &encrypted);
 		if (!priv_key) {
 			if (!encrypted) {
 				l_error("Error loading client private key %s",
@@ -488,8 +486,7 @@ static int eap_tls_check_settings(struct l_settings *settings,
 					passphrase_setting, NULL, path,
 					EAP_CACHE_TEMPORARY);
 		} else {
-			memset(priv_key, 0, size);
-			l_free(priv_key);
+			l_key_free(priv_key);
 
 			if (passphrase && !encrypted) {
 				l_error("%s present but client private "
diff --git a/src/eap-ttls.c b/src/eap-ttls.c
index c3df2e7c..fc53adfc 100644
--- a/src/eap-ttls.c
+++ b/src/eap-ttls.c
@@ -1221,12 +1221,10 @@ static int eap_ttls_check_settings(struct l_settings *settings,
 	}
 
 	if (path) {
+		struct l_key *priv_key;
 		bool encrypted;
-		uint8_t *priv_key;
-		size_t size;
 
-		priv_key = l_pem_load_private_key(path, passphrase,
-							&encrypted, &size);
+		priv_key = l_pem_load_private_key(path, passphrase, &encrypted);
 		if (!priv_key) {
 			if (!encrypted) {
 				l_error("Error loading client private key %s",
@@ -1250,8 +1248,7 @@ static int eap_ttls_check_settings(struct l_settings *settings,
 					passphrase_setting, NULL, path,
 					EAP_CACHE_TEMPORARY);
 		} else {
-			memset(priv_key, 0, size);
-			l_free(priv_key);
+			l_key_free(priv_key);
 
 			if (passphrase && !encrypted) {
 				l_error("%s present but client private "