diff --git a/src/azure-cli/azure/cli/command_modules/keyvault/_completers.py b/src/azure-cli/azure/cli/command_modules/keyvault/_completers.py
index 501bb8e308b..8b7762d3ab1 100644
--- a/src/azure-cli/azure/cli/command_modules/keyvault/_completers.py
+++ b/src/azure-cli/azure/cli/command_modules/keyvault/_completers.py
@@ -8,7 +8,7 @@
 
 
 def _get_token(cli_ctx, server, resource, scope):  # pylint: disable=unused-argument
-    return Profile(cli_ctx=cli_ctx).get_login_credentials(resource)[0]._token_retriever()  # pylint: disable=protected-access
+    return Profile(cli_ctx=cli_ctx).get_raw_token(resource)[0]
 
 
 def get_keyvault_name_completion_list(resource_name):
diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py
index 4b2ef813448..11ccf32f23b 100644
--- a/src/azure-cli/azure/cli/command_modules/role/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/role/custom.py
@@ -1543,7 +1543,7 @@ def _get_keyvault_client(cli_ctx):
     version = str(get_api_version(cli_ctx, ResourceType.DATA_KEYVAULT))
 
     def _get_token(server, resource, scope):  # pylint: disable=unused-argument
-        return Profile(cli_ctx=cli_ctx).get_login_credentials(resource)[0]._token_retriever()  # pylint: disable=protected-access
+        return Profile(cli_ctx=cli_ctx).get_raw_token(resource)[0]
 
     return KeyVaultClient(KeyVaultAuthentication(_get_token), api_version=version)
 
diff --git a/src/azure-cli/azure/cli/command_modules/servicefabric/custom.py b/src/azure-cli/azure/cli/command_modules/servicefabric/custom.py
index 1e4695a50ad..b8b09e593e9 100644
--- a/src/azure-cli/azure/cli/command_modules/servicefabric/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/servicefabric/custom.py
@@ -1671,7 +1671,7 @@ def _get_keyVault_not_arm_client(cli_ctx):
     version = str(get_api_version(cli_ctx, ResourceType.DATA_KEYVAULT))
 
     def get_token(server, resource, scope):  # pylint: disable=unused-argument
-        return Profile(cli_ctx=cli_ctx).get_login_credentials(resource)[0]._token_retriever()  # pylint: disable=protected-access
+        return Profile(cli_ctx=cli_ctx).get_raw_token(resource)[0]
 
     client = KeyVaultClient(KeyVaultAuthentication(get_token), api_version=version)
     return client
diff --git a/src/azure-cli/azure/cli/command_modules/vm/_vm_utils.py b/src/azure-cli/azure/cli/command_modules/vm/_vm_utils.py
index 8bb782f0d6e..2444a9dd3a7 100644
--- a/src/azure-cli/azure/cli/command_modules/vm/_vm_utils.py
+++ b/src/azure-cli/azure/cli/command_modules/vm/_vm_utils.py
@@ -106,7 +106,7 @@ def create_keyvault_data_plane_client(cli_ctx):
     version = str(get_api_version(cli_ctx, ResourceType.DATA_KEYVAULT))
 
     def get_token(server, resource, scope):  # pylint: disable=unused-argument
-        return Profile(cli_ctx=cli_ctx).get_login_credentials(resource)[0]._token_retriever()  # pylint: disable=protected-access
+        return Profile(cli_ctx=cli_ctx).get_raw_token(resource)[0]
 
     from azure.keyvault import KeyVaultAuthentication, KeyVaultClient
     return KeyVaultClient(KeyVaultAuthentication(get_token), api_version=version)