diff --git a/app/services/encryption/encryptors/session_encryptor.rb b/app/services/encryption/encryptors/session_encryptor.rb
index df9b39b73ec..496871d8b3f 100644
--- a/app/services/encryption/encryptors/session_encryptor.rb
+++ b/app/services/encryption/encryptors/session_encryptor.rb
@@ -3,7 +3,11 @@ module Encryptors
     class SessionEncryptor
       include Encodable
 
-      delegate :encrypt, to: :deprecated_encryptor
+      def encrypt(plaintext)
+        aes_ciphertext = AesEncryptor.new.encrypt(plaintext, aes_encryption_key)
+        kms_ciphertext = KmsClient.new.encrypt(aes_ciphertext)
+        encode(kms_ciphertext)
+      end
 
       def decrypt(ciphertext)
         return deprecated_encryptor.decrypt(ciphertext) if legacy?(ciphertext)
diff --git a/spec/services/encryption/encryptors/session_encryptor_spec.rb b/spec/services/encryption/encryptors/session_encryptor_spec.rb
index 95efbf641aa..6d5cd79fd4e 100644
--- a/spec/services/encryption/encryptors/session_encryptor_spec.rb
+++ b/spec/services/encryption/encryptors/session_encryptor_spec.rb
@@ -4,15 +4,19 @@
   let(:plaintext) { '{ "foo": "bar" }' }
 
   describe '#encrypt' do
-    it 'returns ciphertext created by the deprecated session encryptor' do
-      expected_ciphertext = '123abc'
-
-      deprecated_encryptor = Encryption::Encryptors::DeprecatedSessionEncryptor.new
-      expect(deprecated_encryptor).to receive(:encrypt).
-        with(plaintext).
-        and_return(expected_ciphertext)
-      expect(Encryption::Encryptors::DeprecatedSessionEncryptor).to receive(:new).
-        and_return(deprecated_encryptor)
+    it 'returns a KMS wrapped AES encrypted ciphertext' do
+      aes_encryptor = instance_double(Encryption::Encryptors::AesEncryptor)
+      kms_client = instance_double(Encryption::KmsClient)
+      allow(aes_encryptor).to receive(:encrypt).
+        with(plaintext, Figaro.env.session_encryption_key[0...32]).
+        and_return('aes output')
+      allow(kms_client).to receive(:encrypt).
+        with('aes output').
+        and_return('kms output')
+      allow(Encryption::Encryptors::AesEncryptor).to receive(:new).and_return(aes_encryptor)
+      allow(Encryption::KmsClient).to receive(:new).and_return(kms_client)
+
+      expected_ciphertext = Base64.strict_encode64('kms output')
 
       ciphertext = subject.encrypt(plaintext)
 
@@ -30,12 +34,7 @@
     end
 
     context 'with a 2L-KMS ciphertext' do
-      let(:ciphertext) do
-        key = Figaro.env.session_encryption_key[0...32]
-        aes_ciphertext = Encryption::Encryptors::AesEncryptor.new.encrypt(plaintext, key)
-        kms_ciphertext = Encryption::KmsClient.new.encrypt(aes_ciphertext)
-        Base64.strict_encode64(kms_ciphertext)
-      end
+      let(:ciphertext) { Encryption::Encryptors::SessionEncryptor.new.encrypt(plaintext) }
 
       it 'decrypts the ciphertext' do
         expect(subject.decrypt(ciphertext)).to eq(plaintext)