diff --git a/app/services/encryption/kms_client.rb b/app/services/encryption/kms_client.rb
index faa0c7fb000..4aff3a9c54e 100644
--- a/app/services/encryption/kms_client.rb
+++ b/app/services/encryption/kms_client.rb
@@ -10,7 +10,6 @@ class KmsClient # rubocop:disable Metrics/ClassLength
 }.freeze
 
 def encrypt(plaintext, encryption_context)
- return ContextlessKmsClient.new.encrypt(plaintext) unless FeatureManagement.use_kms_contexts?
 KmsLogger.log(:encrypt, encryption_context)
 return encrypt_kms(plaintext, encryption_context) if FeatureManagement.use_kms?
 encrypt_local(plaintext, encryption_context)
diff --git a/app/services/encryption/password_verifier.rb b/app/services/encryption/password_verifier.rb
index 7b0bbd571a2..04c7896b8a6 100644
--- a/app/services/encryption/password_verifier.rb
+++ b/app/services/encryption/password_verifier.rb
@@ -34,8 +34,6 @@ def initialize
 end
 
 def digest(password:, user_uuid:)
- return UakPasswordVerifier.digest(password) unless FeatureManagement.write_2lkms_passwords?
-
 salt = SecureRandom.hex(32)
 cost = Figaro.env.scrypt_cost
 encrypted_password = encrypt_password(
diff --git a/config/application.yml.example b/config/application.yml.example
index e0aaf014fb2..f846edc42be 100644
--- a/config/application.yml.example
+++ b/config/application.yml.example
@@ -206,7 +206,6 @@ development:
 use_dashboard_service_providers: 'true'
 use_kms: 'false'
 use_kms_context_for_sessions: 'false'
- use_kms_contexts: 'false'
 usps_confirmation_max_days: '10'
 enable_load_testing_mode: 'false'
 usps_download_sftp_directory: '/undeliverable'
@@ -219,7 +218,6 @@ development:
 usps_upload_sftp_username: 'brady'
 usps_upload_sftp_password: 'test'
 usps_upload_token: '123ABC'
- write_2lkms_passwords: 'false'
 
 # These values serve as defaults for all production-like environments, which
 # includes *.identitysandbox.gov and *.login.gov.
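Review bot: With the `use_kms_contexts?` short-circuit removed, `encrypt` always produces context-bound ciphertext, but nothing in this hunk states that contract or that the context (not the plaintext) is handed to `KmsLogger` before the KMS/local branch is chosen; a header comment such as `# Encrypts +plaintext+ bound to +encryption_context+. The context is passed to KmsLogger first; FeatureManagement.use_kms? then selects KMS or the local encryptor.` would record the cutover. The read path is outside this hunk, and the deleted `add_context_to_pii_bundles` task was the tool that rewrote legacy contextless ciphertext via `looks_like_contextless?`, so dropping it presumes that migration has finished; I would confirm no contextless ciphertexts remain before any matching decrypt fallback is removed in a later change. The closing `end` of `encrypt` is outside the hunk.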
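Review bot: `digest` now unconditionally writes the 2L-KMS format, so legacy UAK digests are only ever read (the feature spec in this commit still seeds one with `Encryption::UakPasswordVerifier.digest`), and that one-way cutover deserves a YARD comment on the method rather than living only in the commit history: `# @return [String] 2L-KMS digest bound to user_uuid; UAK digests are verified but never written.` The salt and `scrypt_cost` lines are unchanged here, and the rest of `digest` runs past the end of the hunk, so I cannot see how a nil `Figaro.env.scrypt_cost` is handled; if it is not validated downstream, that is worth a check on the caller side.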
@@ -322,7 +320,6 @@ production:
 twilio_verify_api_key: 'change-me'
 use_kms: 'true'
 use_kms_context_for_sessions: 'false'
- use_kms_contexts: 'false'
 usps_confirmation_max_days: '30'
 enable_load_testing_mode: 'false'
 usps_download_sftp_directory:
@@ -335,7 +332,6 @@ production:
 usps_upload_sftp_username:
 usps_upload_sftp_password:
 usps_upload_token:
- write_2lkms_passwords: 'false'
 
 test:
 aamva_cert_enabled: 'true'
@@ -442,7 +438,6 @@ test:
 twilio_verify_api_key: 'secret'
 use_kms: 'false'
 use_kms_context_for_sessions: 'true'
- use_kms_contexts: 'true'
 usps_confirmation_max_days: '10'
 enable_load_testing_mode: 'false'
 usps_download_sftp_directory: '/undeliverable'
@@ -455,4 +450,3 @@ test:
 usps_upload_sftp_username: 'user'
 usps_upload_sftp_password: 'pass'
 usps_upload_token: 'test_token'
- write_2lkms_passwords: 'true'
diff --git a/lib/feature_management.rb b/lib/feature_management.rb
index 9866154d5a9..58cb97af5d5 100644
--- a/lib/feature_management.rb
+++ b/lib/feature_management.rb
@@ -102,14 +102,6 @@ def self.backup_codes_enabled?
 Figaro.env.backup_codes_enabled == 'true'
 end
 
- def self.use_kms_contexts?
- Figaro.env.use_kms_contexts == 'true'
- end
-
- def self.write_2lkms_passwords?
- Figaro.env.write_2lkms_passwords == 'true'
- end
-
 def self.use_kms_context_for_sessions?
 Figaro.env.use_kms_context_for_sessions == 'true'
 end
diff --git a/lib/tasks/add_context_to_pii_bundles.rake b/lib/tasks/add_context_to_pii_bundles.rake
deleted file mode 100644
index cffba2b7cda..00000000000
--- a/lib/tasks/add_context_to_pii_bundles.rake
+++ /dev/null
@@ -1,43 +0,0 @@
-namespace :adhoc do
- desc 'Add KMS encryption context to existing PII bundles'
- task add_context_to_pii_bundles: :environment do
- Rails.logger = Logger.new(STDOUT)
-
- @kms_client = Encryption::KmsClient.new
-
- batch_count = 0
- # rubocop:disable Metrics/MethodLength
- def add_context_to_encrypted_pii(encrypted_pii, user_uuid)
- ciphertext = Encryption::Encryptors::PiiEncryptor::Ciphertext.parse_from_string(
- encrypted_pii,
- )
- return unless @kms_client.class.looks_like_contextless?(ciphertext.encrypted_data)
- ciphertext.encrypted_data = @kms_client.encrypt(
- @kms_client.decrypt(
- ciphertext.encrypted_data,
- 'context' => 'pii-encryption',
- 'user_uuid' => user_uuid,
- ),
- 'context' => 'pii-encryption',
- 'user_uuid' => user_uuid,
- )
- ciphertext.to_s
- end
- # rubocop:enable Metrics/MethodLength
-
- Profile.includes(:user).find_in_batches do |batch|
- Rails.logger.info "Processing batch #{batch_count += 1}"
- batch.each do |profile|
- updated_pii = add_context_to_encrypted_pii(profile.encrypted_pii, profile.user.uuid)
- profile.encrypted_pii = updated_pii if updated_pii.present?
- updated_recovery_pii = add_context_to_encrypted_pii(
- profile.encrypted_pii_recovery, profile.user.uuid
- )
- profile.encrypted_pii_recovery = updated_recovery_pii if updated_recovery_pii.present?
- profile.save! if profile.changed?
- end
- sleep 1
- end
- Rails.logger.info('Done!')
- end
-end
diff --git a/spec/features/idv/uak_password_spec.rb b/spec/features/idv/uak_password_spec.rb
index 312bc58668c..ec646bb8601 100644
--- a/spec/features/idv/uak_password_spec.rb
+++ b/spec/features/idv/uak_password_spec.rb
@@ -3,47 +3,21 @@
 feature 'A user with a UAK passwords attempts IdV' do
 include IdvStepHelper
 
- context 'before we start writing 2L-KMS passwords' do
- before do
- allow(FeatureManagement).to receive(:write_2lkms_passwords?).and_return(true)
- end
+ it 'allows the user to continue to the SP' do
+ user = user_with_2fa
+ user.update!(
+ encrypted_password_digest: Encryption::UakPasswordVerifier.digest(user.password),
+ )
 
- it 'allows the user to continue to the SP' do
- user = user_with_2fa
- user.update!(
- encrypted_password_digest: Encryption::UakPasswordVerifier.digest(user.password),
- )
+ start_idv_from_sp(:oidc)
+ complete_idv_steps_with_phone_before_confirmation_step(user)
 
- start_idv_from_sp(:oidc)
- complete_idv_steps_with_phone_before_confirmation_step(user)
+ click_acknowledge_personal_key
 
- click_acknowledge_personal_key
+ expect(page).to have_current_path(sign_up_completed_path)
 
- expect(page).to have_current_path(sign_up_completed_path)
+ click_on t('forms.buttons.continue')
 
- click_on t('forms.buttons.continue')
-
- expect(current_url).to start_with('http://localhost:7654/auth/result')
- end
- end
-
- context 'after we start writing 2L-KMS passwords' do
- it 'allows the user to continue to the SP' do
- user = user_with_2fa
- user.update!(
- encrypted_password_digest: Encryption::UakPasswordVerifier.digest(user.password),
- )
-
- start_idv_from_sp(:oidc)
- complete_idv_steps_with_phone_before_confirmation_step(user)
-
- click_acknowledge_personal_key
-
- expect(page).to have_current_path(sign_up_completed_path)
-
- click_on t('forms.buttons.continue')
-
- expect(current_url).to start_with('http://localhost:7654/auth/result')
- end
+ expect(current_url).to start_with('http://localhost:7654/auth/result')
 end
 end
diff --git a/spec/services/encryption/kms_client_spec.rb b/spec/services/encryption/kms_client_spec.rb
index 384c0bc8d04..65ab705f78c 100644
--- a/spec/services/encryption/kms_client_spec.rb
+++ b/spec/services/encryption/kms_client_spec.rb
@@ -65,22 +65,6 @@
 end
 end
 
- context 'with kms contexts disabled' do
- it 'delegates to the contextless encryptor' do
- allow(FeatureManagement).to receive(:use_kms_contexts?).and_return(false)
-
- contextless_client = Encryption::ContextlessKmsClient.new
- expect(contextless_client).to receive(:encrypt).
- with(plaintext).
- and_return('contextless ciphertext')
- expect(Encryption::ContextlessKmsClient).to receive(:new).and_return(contextless_client)
-
- result = subject.encrypt(plaintext, encryption_context)
-
- expect(result).to eq('contextless ciphertext')
- end
- end
-
 it 'logs the context' do
 expect(Encryption::KmsLogger).to receive(:log).with(:encrypt, encryption_context)
 
diff --git a/spec/services/encryption/password_verifier_spec.rb b/spec/services/encryption/password_verifier_spec.rb
index f219b27061a..73666eb4559 100644
--- a/spec/services/encryption/password_verifier_spec.rb
+++ b/spec/services/encryption/password_verifier_spec.rb
@@ -38,22 +38,6 @@
 encrypted_password: 'kms_ciphertext',
 )
 end
-
- context 'with 2lkms password digests disabled' do
- before do
- allow(Figaro.env).to receive(:write_2lkms_passwords).and_return(false)
- end
-
- it 'delegates to the UAK password encryptor' do
- expect(Encryption::UakPasswordVerifier).to receive(:digest).
- with(password).
- and_return('uak ciphertext')
-
- result = subject.digest(password: password, user_uuid: user_uuid)
-
- expect(result).to eq('uak ciphertext')
- end
- end
 end
 
 describe '#verify' do