diff --git a/libkeyutils/mini_keyctl_utils.cpp b/libkeyutils/mini_keyctl_utils.cpp
index 3651606db..1c80ffb8e 100644
--- a/libkeyutils/mini_keyctl_utils.cpp
+++ b/libkeyutils/mini_keyctl_utils.cpp
@@ -36,12 +36,59 @@ static constexpr int kMaxCertSize = 4096;
-std::vector SplitBySpace(const std::string& s) {
+static std::vector SplitBySpace(const std::string& s) {
   std::istringstream iss(s);
   return std::vector{std::istream_iterator{iss}, std::istream_iterator{}};
 }
+// Find the keyring id. Because request_key(2) syscall is not available or the key is
+// kernel keyring, the id is looked up from /proc/keys. The keyring description may contain other
+// information in the descritption section depending on the key type, only the first word in the
+// keyring description is used for searching.
+static bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id) {
+  if (!keyring_id) {
+    LOG(ERROR) << "keyring_id is null";
+    return false;
+  }
+
+  // If the keyring id is already a hex number, directly convert it to keyring id
+  try {
+    key_serial_t id = std::stoi(keyring_desc, nullptr, 16);
+    *keyring_id = id;
+    return true;
+  } catch (const std::exception& e) {
+    LOG(INFO) << "search /proc/keys for keyring id";
+  }
+
+  // Only keys allowed by SELinux rules will be shown here.
+  std::ifstream proc_keys_file("/proc/keys");
+  if (!proc_keys_file.is_open()) {
+    PLOG(ERROR) << "Failed to open /proc/keys";
+    return false;
+  }
+
+  std::string line;
+  while (getline(proc_keys_file, line)) {
+    std::vector tokens = SplitBySpace(line);
+    if (tokens.size() < 9) {
+      continue;
+    }
+    std::string key_id = tokens[0];
+    std::string key_type = tokens[7];
+    // The key description may contain space.
+    std::string key_desc_prefix = tokens[8];
+    // The prefix has a ":" at the end
+    std::string key_desc_pattern = keyring_desc + ":";
+    if (key_type != "keyring" || key_desc_prefix != key_desc_pattern) {
+      continue;
+    }
+    *keyring_id = std::stoi(key_id, nullptr, 16);
+    return true;
+  }
+  return false;
+}
+
 int AddCertsFromDir(const std::string& type, const std::string& desc_prefix,
                     const std::string& cert_dir, const std::string& keyring) {
   key_serial_t keyring_id;
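Review bot: `std::stoi(keyring_desc, nullptr, 16)` in the new `GetKeyringId` converts only the leading run of hex digits and ignores whatever follows (it also tolerates leading whitespace and a sign), so a description that merely begins with hex characters is silently accepted as a numeric id and the /proc/keys lookup further down is never reached. Since that id becomes the target of the caller's key operation, a mistyped or partially-hex description selects an unrelated keyring instead of failing. Use the `pos` out-parameter and only accept a full parse, letting a partial one fall through to the /proc/keys search: `size_t consumed = 0;` / `key_serial_t id = std::stoi(keyring_desc, &consumed, 16);` / `if (consumed == keyring_desc.size()) { *keyring_id = id; return true; }`. The second `std::stoi` on `key_id` inside the loop sits outside the try; /proc/keys is kernel-formatted so this is presumably safe, but it is worth a comment saying so, and the moved comment still carries the typo `descritption`. AddCertsFromDir's body continues past the end of the hunk.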
@@ -89,49 +136,6 @@ int AddCertsFromDir(const std::string& type, const std::string& desc_prefix,
   return 0;
 }
-bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id) {
-  if (!keyring_id) {
-    LOG(ERROR) << "keyring_id is null";
-    return false;
-  }
-
-  // If the keyring id is already a hex number, directly convert it to keyring id
-  try {
-    key_serial_t id = std::stoi(keyring_desc, nullptr, 16);
-    *keyring_id = id;
-    return true;
-  } catch (const std::exception& e) {
-    LOG(INFO) << "search /proc/keys for keyring id";
-  }
-
-  // Only keys allowed by SELinux rules will be shown here.
-  std::ifstream proc_keys_file("/proc/keys");
-  if (!proc_keys_file.is_open()) {
-    PLOG(ERROR) << "Failed to open /proc/keys";
-    return false;
-  }
-
-  std::string line;
-  while (getline(proc_keys_file, line)) {
-    std::vector tokens = SplitBySpace(line);
-    if (tokens.size() < 9) {
-      continue;
-    }
-    std::string key_id = tokens[0];
-    std::string key_type = tokens[7];
-    // The key description may contain space.
-    std::string key_desc_prefix = tokens[8];
-    // The prefix has a ":" at the end
-    std::string key_desc_pattern = keyring_desc + ":";
-    if (key_type != "keyring" || key_desc_prefix != key_desc_pattern) {
-      continue;
-    }
-    *keyring_id = std::stoi(key_id, nullptr, 16);
-    return true;
-  }
-  return false;
-}
-
 int Unlink(key_serial_t key, const std::string& keyring) {
   key_serial_t keyring_id;
   if (!GetKeyringId(keyring, &keyring_id)) {
diff --git a/libkeyutils/mini_keyctl_utils.h b/libkeyutils/mini_keyctl_utils.h
index 150967ddd..804a35740 100644
--- a/libkeyutils/mini_keyctl_utils.h
+++ b/libkeyutils/mini_keyctl_utils.h
@@ -23,11 +23,6 @@ int AddCertsFromDir(const std::string& type, const std::string& desc_prefix,
                     const std::string& cert_dir, const std::string& keyring);
-// Add all the certs from directory path to keyring with keyring_id. Returns the number of keys
-// added. Returns non-zero if any error happens.
-int AddKeys(const std::string& path, const key_serial_t keyring_id, const std::string& type,
-            const std::string& desc, int start_index);
-
 // Add key to a keyring. Returns non-zero if error happens.
 int Add(const std::string& type, const std::string& desc, const std::string& data,
         const std::string& keyring);
@@ -41,11 +36,5 @@ int Unlink(key_serial_t key, const std::string& keyring);
 // Apply key-linking to a keyring. Return non-zero if error happens.
 int RestrictKeyring(const std::string& keyring);
-// Find the keyring id. Because request_key(2) syscall is not available or the key is
-// kernel keyring, the id is looked up from /proc/keys. The keyring description may contain other
-// information in the descritption section depending on the key type, only the first word in the
-// keyring description is used for searching.
-bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id);
-
 // Retrieves a key's security context. Return the context string, or empty string on error.
 std::string RetrieveSecurityContext(key_serial_t key);