diff --git a/internal/vault/fake/client.go b/internal/vault/fake/client.go
index 64aa0c6aa..bed9462ef 100644
--- a/internal/vault/fake/client.go
+++ b/internal/vault/fake/client.go
@@ -64,7 +64,3 @@ func (c *Client) Token() string {
 func (c *Client) RawRequest(r *vault.Request) (*vault.Response, error) {
 	return c.RawRequestFn(r)
 }
-
-func (c *Client) Sys() *vault.Sys {
-	return nil
-}
diff --git a/internal/vault/fake/vault.go b/internal/vault/fake/vault.go
index 529a0a54f..1ccdcbdf1 100644
--- a/internal/vault/fake/vault.go
+++ b/internal/vault/fake/vault.go
@@ -20,7 +20,6 @@ package fake
 import (
 	"time"
 
-	vault "github.com/hashicorp/vault/api"
 	corelisters "k8s.io/client-go/listers/core/v1"
 
 	v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
@@ -80,11 +79,6 @@ func (v *Vault) New(ns string, sl corelisters.SecretLister, iss v1.GenericIssuer
 	return v, nil
 }
 
-// Sys returns an empty `vault.Sys`.
-func (v *Vault) Sys() *vault.Sys {
-	return new(vault.Sys)
-}
-
 // IsVaultInitializedAndUnsealed always returns nil
 func (v *Vault) IsVaultInitializedAndUnsealed() error {
 	return nil
diff --git a/internal/vault/vault.go b/internal/vault/vault.go
index a4ac2daca..6b00195a1 100644
--- a/internal/vault/vault.go
+++ b/internal/vault/vault.go
@@ -45,10 +45,8 @@ type ClientBuilder func(namespace string, secretsLister corelisters.SecretLister
 // Interface implements various high level functionality related to connecting
 // with a Vault server, verifying its status and signing certificate request for
 // Vault's certificate.
-// TODO: Sys() is duplicated here and in Client interface
 type Interface interface {
 	Sign(csrPEM []byte, duration time.Duration) (certPEM []byte, caPEM []byte, err error)
-	Sys() *vault.Sys
 	IsVaultInitializedAndUnsealed() error
 }
 
@@ -58,7 +56,6 @@ type Client interface {
 	RawRequest(r *vault.Request) (*vault.Response, error)
 	SetToken(v string)
 	Token() string
-	Sys() *vault.Sys
 }
 
 // Vault implements Interface and holds a Vault issuer, secrets lister and a
@@ -409,10 +406,6 @@ func (v *Vault) requestTokenWithKubernetesAuth(client Client, kubernetesAuth *v1
 	return token, nil
 }
 
-func (v *Vault) Sys() *vault.Sys {
-	return v.client.Sys()
-}
-
 func extractCertificatesFromVaultCertificateSecret(secret *certutil.Secret) ([]byte, []byte, error) {
 	parsedBundle, err := certutil.ParsePKIMap(secret.Data)
 	if err != nil {