Delete a secret

This page describes how to delete a secret and all of its versions.

To delete only a secret version, see Destroy a secret version.

Required roles

To get the permissions that you need to delete a secret, ask your administrator to grant you the Secret Manager Admin (roles/secretmanager.admin) IAM role on the secret, project, folder, or organization. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Delete a secret

To delete a secret, use one of the following methods:

Console

  1. In the Google Cloud console, go to the Secret Manager page.

    Go to Secret Manager

  2. Select the secret that you want to delete.

  3. Click Actions, and then click Delete.

  4. In the confirmation dialog that appears, enter the name of the secret, and then click Delete secret.

gcloud

Before using any of the command data below, make the following replacements:

  • SECRET_ID: the ID of the secret

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud secrets delete SECRET_ID

Windows (PowerShell)

gcloud secrets delete SECRET_ID

Windows (cmd.exe)

gcloud secrets delete SECRET_ID

The response returns the secret.

REST

Before using any of the request data, make the following replacements:

  • PROJECT_ID: the Google Cloud project ID
  • SECRET_ID: the ID of the secret

HTTP method and URL:

DELETE https://secretmanager.googleapis.com/v1/projects/PROJECT_ID/secrets/SECRET_ID

Request JSON body:

{}

To send your request, choose one of these options:

curl

Save the request body in a file named request.json, and execute the following command:

curl -X DELETE \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d @request.json \
"https://secretmanager.googleapis.com/v1/projects/PROJECT_ID/secrets/SECRET_ID"

PowerShell

Save the request body in a file named request.json, and execute the following command:

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
-Method DELETE `
-Headers $headers `
-ContentType: "application/json; charset=utf-8" `
-InFile request.json `
-Uri "https://secretmanager.googleapis.com/v1/projects/PROJECT_ID/secrets/SECRET_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{}

C#

To run this code, first set up a C# development environment and install the Secret Manager C# SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.

using Google.Cloud.SecretManager.V1;

public class DeleteSecretSample
{
    public void DeleteSecret(string projectId = "my-project", string secretId = "my-secret")
    {
        // Create the client.
        SecretManagerServiceClient client = SecretManagerServiceClient.Create();

        // Build the resource name.
        SecretName secretName = new SecretName(projectId, secretId);

        // Delete the secret.
        client.DeleteSecret(secretName);
    }
}
 

Go

To run this code, first set up a Go development environment and install the Secret Manager Go SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.

import (
	"context"
	"fmt"

	secretmanager "cloud.google.com/go/secretmanager/apiv1"
	"cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
)

// deleteSecret deletes the secret with the given name and all of its versions.
func deleteSecret(name string) error {
	// name := "projects/my-project/secrets/my-secret"

	// Create the client.
	ctx := context.Background()
	client, err := secretmanager.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("failed to create secretmanager client: %w", err)
	}
	defer client.Close()

	// Build the request.
	req := &secretmanagerpb.DeleteSecretRequest{
		Name: name,
	}

	// Call the API.
	if err := client.DeleteSecret(ctx, req); err != nil {
		return fmt.Errorf("failed to delete secret: %w", err)
	}
	return nil
}
 

Java

To run this code, first set up a Java development environment and install the Secret Manager Java SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.

import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretName;
import java.io.IOException;

public class DeleteSecret {

  public static void deleteSecret() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    String secretId = "your-secret-id";
    deleteSecret(projectId, secretId);
  }

  // Delete an existing secret with the given name.
  public static void deleteSecret(String projectId, String secretId) throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
      // Build the secret name.
      SecretName secretName = SecretName.of(projectId, secretId);

      // Delete the secret.
      client.deleteSecret(secretName);

      System.out.printf("Deleted secret %s\n", secretId);
    }
  }
}
 

Node.js

To run this code, first set up a Node.js development environment and install the Secret Manager Node.js SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.

/**
 * TODO(developer): Uncomment these variables before running the sample.
 */
// const name = 'projects/my-project/secrets/my-secret';

// Imports the Secret Manager library
const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');

// Instantiates a client
const client = new SecretManagerServiceClient();

async function deleteSecret() {
  await client.deleteSecret({
    name: name,
  });

  console.log(`Deleted secret ${name}`);
}

deleteSecret();
 

PHP

To run this code, first learn about using PHP on Google Cloud and install the Secret Manager PHP SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.

// Import the Secret Manager client library.
use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
use Google\Cloud\SecretManager\V1\DeleteSecretRequest;

/**
 * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
 * @param string $secretId  Your secret ID (e.g. 'my-secret')
 */
function delete_secret(string $projectId, string $secretId): void
{
    // Create the Secret Manager client.
    $client = new SecretManagerServiceClient();

    // Build the resource name of the secret.
    $name = $client->secretName($projectId, $secretId);

    // Build the request.
    $request = DeleteSecretRequest::build($name);

    // Delete the secret.
    $client->deleteSecret($request);
    printf('Deleted secret %s', $secretId);
}
 

Python

To run this code, first set up a Python development environment and install the Secret Manager Python SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.

def delete_secret(project_id: str, secret_id: str) -> None:
    """
    Delete the secret with the given name and all of its versions.
    """

    # Import the Secret Manager client library.
    from google.cloud import secretmanager

    # Create the Secret Manager client.
    client = secretmanager.SecretManagerServiceClient()

    # Build the resource name of the secret.
    name = client.secret_path(project_id, secret_id)

    # Delete the secret.
    client.delete_secret(request={"name": name})
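
Because deleting a secret also removes all of its versions, the following added example (not one of Google's samples on this page) wraps the Python call in pre-deletion checks: it validates the resource name, refuses to delete while any version is still ENABLED, and sends the secret's etag with the delete request. The names guarded_delete_secret, DeletionRefused and allow_enabled and the name pattern are hypothetical; the example assumes the Python SDK's get_secret and list_secret_versions methods and the optional etag field of the delete request.

```python
import re

# Resource-name shape used by the samples on this page:
#   projects/<project>/secrets/<secret>
# The character classes are a conservative assumption, not an official grammar.
_NAME_RE = re.compile(
    r"projects/[a-z0-9][a-z0-9:.\-]{4,62}/secrets/[A-Za-z0-9_-]{1,255}"
)


class DeletionRefused(Exception):
    """Raised when a pre-deletion check fails; nothing has been deleted."""


def guarded_delete_secret(client, name: str, allow_enabled: bool = False) -> dict:
    """Delete a secret and all of its versions only after pre-flight checks.

    `client` is a SecretManagerServiceClient, or a test double exposing
    get_secret, list_secret_versions and delete_secret.
    """
    if not _NAME_RE.fullmatch(name):
        raise DeletionRefused(f"not a secret resource name: {name!r}")

    # Read the secret first: confirms it exists and captures its current etag.
    secret = client.get_secret(request={"name": name})

    # Deleting the secret removes every version, so list what would be lost.
    versions = client.list_secret_versions(request={"parent": name})
    states = [v.state.name for v in versions]
    enabled = states.count("ENABLED")
    if enabled and not allow_enabled:
        raise DeletionRefused(
            f"{enabled} version(s) still ENABLED; disable or destroy them first"
        )

    # With the etag set, the delete is rejected if the secret resource was
    # modified after it was read above.
    client.delete_secret(request={"name": name, "etag": secret.etag})
    return {"deleted": name, "versions_removed": len(states), "enabled": enabled}


if __name__ == "__main__":
    from google.cloud import secretmanager  # same SDK as the sample above

    sm = secretmanager.SecretManagerServiceClient()
    print(guarded_delete_secret(sm, sm.secret_path("my-project", "my-secret")))
```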
 

Ruby

To run this code, first set up a Ruby development environment and install the Secret Manager Ruby SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.

# project_id = "YOUR-GOOGLE-CLOUD-PROJECT"  # (e.g. "my-project")
# secret_id  = "YOUR-SECRET-ID"             # (e.g. "my-secret")

# Require the Secret Manager client library.
require "google/cloud/secret_manager"

# Create a Secret Manager client.
client = Google::Cloud::SecretManager.secret_manager_service

# Build the resource name of the secret.
name = client.secret_path project: project_id, secret: secret_id

# Delete the secret.
client.delete_secret name: name

# Print a success message.
puts "Deleted secret #{name}"
 

What's next
