diff --git a/internal/decryptor/decryptor.go b/internal/decryptor/decryptor.go
index d51c03c5..48f7823f 100644
--- a/internal/decryptor/decryptor.go
+++ b/internal/decryptor/decryptor.go
@@ -25,7 +25,6 @@ import (
 	"io/fs"
 	"os"
 	"path/filepath"
-	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -287,14 +286,7 @@ func (d *Decryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat
 		return nil, sopsUserErr(fmt.Sprintf("failed to load encrypted %s data", sopsFormatToString[inputFormat]), err)
 	}
 
-	for _, group := range tree.Metadata.KeyGroups {
-		// Sort MasterKeys in the group so offline ones are tried first
-		sort.SliceStable(group, func(i, j int) bool {
-			return intkeyservice.IsOfflineMethod(group[i]) && !intkeyservice.IsOfflineMethod(group[j])
-		})
-	}
-
-	metadataKey, err := tree.Metadata.GetDataKeyWithKeyServices(d.keyServiceServer(), nil)
+	metadataKey, err := tree.Metadata.GetDataKeyWithKeyServices(d.keyServiceServer(), sops.DefaultDecryptionOrder)
 	if err != nil {
 		return nil, sopsUserErr("cannot get sops data key", err)
 	}