diff --git a/nova/api/metadata/handler.py b/nova/api/metadata/handler.py
index 7ec839d424..9ba010ac8e 100644
--- a/nova/api/metadata/handler.py
+++ b/nova/api/metadata/handler.py
@@ -21,7 +21,6 @@ import os
 
 from oslo_log import log as logging
 from oslo_utils import encodeutils
-from oslo_utils import secretutils as secutils
 from oslo_utils import strutils
 import webob.dec
 import webob.exc
@@ -303,7 +302,7 @@ class MetadataRequestHandler(wsgi.Application):
             encodeutils.to_utf8(requestor_id),
             hashlib.sha256).hexdigest()
         if (not signature or
-            not secutils.constant_time_compare(expected_signature, signature)):
+                not hmac.compare_digest(expected_signature, signature)):
             if requestor_id:
                 LOG.warning('X-Instance-ID-Signature: %(signature)s does '
                             'not match the expected value: '
diff --git a/nova/tests/unit/test_metadata.py b/nova/tests/unit/test_metadata.py
index 2094b276e5..e32c4e6baa 100644
--- a/nova/tests/unit/test_metadata.py
+++ b/nova/tests/unit/test_metadata.py
@@ -1152,7 +1152,7 @@ class MetadataHandlerTestCase(test.TestCase):
                                 relpath="/2009-04-04/user-data-invalid")
         self.assertEqual(response.status_int, 404)
 
-    @mock.patch('oslo_utils.secretutils.constant_time_compare')
+    @mock.patch('hmac.compare_digest')
     def test_by_instance_id_uses_constant_time_compare(self, mock_compare):
         mock_compare.side_effect = test.TestingException