Send feedback
Wipe out KMS keys
Stay organized with collections
Save and categorize content based on your preferences.
Warning: Deleting keys is a total and complete wipeout. You cannot
retrieve your keys after performing the actions on this page. The Platform Administrator (PA) can delete Key Management System (KMS) keys in
the org admin cluster.
The PA can delete the AEAD and Signing keys in the project namespace.
See Supported keys for the full
list of KMS keys.
Before you begin
Before continuing, ensure you do the following:
Configure kubectl to access the org admin cluster. Follow the steps in
Get a kubeconfig file to
use the gdcloud command-line interface (CLI).
Get the KMS Admin role to delete KMS keys. Ask your Organization IAM
Admin to grant you the KMS Admin (kms-admin) role in your project namespace.
Delete all keys
To delete all keys in a project namespace, use the following
command:
kubectl --kubeconfig ORG_ADMIN_KUBECONFIG \
delete KEY_PRIMITIVE --namespace= PROJECT --all
Replace the following variables:
ORG_ADMIN_KUBECONFIG : the kubeconfig file
of the org admin cluster.KEY_PRIMITIVE : the keys you want to delete. For
example: aeadkey for the AEAD key.PROJECT with the name of the project. For
example: kms-test1.
Note: To delete keys of all primitive types, ensure to run the command for all
possible key primitive types: aeadkey and signingkey.
Send feedback
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-01-28 UTC.
Need to tell us more?
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-01-28 UTC."],[],[]]
