diff --git a/src/com/android/settings/vpn2/ConfigDialogFragment.java b/src/com/android/settings/vpn2/ConfigDialogFragment.java
index a6189a9f56d..d145ba30e4c 100644
--- a/src/com/android/settings/vpn2/ConfigDialogFragment.java
+++ b/src/com/android/settings/vpn2/ConfigDialogFragment.java
@@ -107,7 +107,7 @@ public class ConfigDialogFragment extends DialogFragment implements
         if (button == DialogInterface.BUTTON_POSITIVE) {
             // Update KeyStore entry
             KeyStore.getInstance().put(Credentials.VPN + profile.key, profile.encode(),
-                    KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
+                    KeyStore.UID_SELF, /* flags */ 0);
 
             // Flush out old version of profile
             disconnect(profile);
diff --git a/src/com/android/settings/vpn2/LockdownConfigFragment.java b/src/com/android/settings/vpn2/LockdownConfigFragment.java
index 581b55dbf35..d60cebcc848 100644
--- a/src/com/android/settings/vpn2/LockdownConfigFragment.java
+++ b/src/com/android/settings/vpn2/LockdownConfigFragment.java
@@ -64,9 +64,6 @@ public class LockdownConfigFragment extends DialogFragment {
     }
 
     private static String getStringOrNull(KeyStore keyStore, String key) {
-        if (!keyStore.isUnlocked()) {
-            return null;
-        }
         final byte[] value = keyStore.get(key);
         return value == null ? null : new String(value);
     }
@@ -122,7 +119,7 @@ public class LockdownConfigFragment extends DialogFragment {
                         return;
                     }
                     keyStore.put(Credentials.LOCKDOWN_VPN, profile.key.getBytes(),
-                            KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
+                            KeyStore.UID_SELF, /* flags */ 0);
                 }
 
                 // kick profiles since we changed them
diff --git a/src/com/android/settings/vpn2/VpnSettings.java b/src/com/android/settings/vpn2/VpnSettings.java
index 00f6a1255c1..40b05c593fa 100644
--- a/src/com/android/settings/vpn2/VpnSettings.java
+++ b/src/com/android/settings/vpn2/VpnSettings.java
@@ -456,13 +456,6 @@ public class VpnSettings extends SettingsPreferenceFragment implements
     protected static List<VpnProfile> loadVpnProfiles(KeyStore keyStore, int... excludeTypes) {
         final ArrayList<VpnProfile> result = Lists.newArrayList();
 
-        // This might happen if the user does not yet have a keystore. Quietly short-circuit because
-        // no keystore means no VPN configs.
-        if (!keyStore.isUnlocked()) {
-            return result;
-        }
-
-        // We are the only user of profiles in KeyStore so no locks are needed.
         for (String key : keyStore.list(Credentials.VPN)) {
             final VpnProfile profile = VpnProfile.decode(key, keyStore.get(Credentials.VPN + key));
             if (profile != null && !ArrayUtils.contains(excludeTypes, profile.type)) {